BlueFort views an organisation’s IT estate through the lens of its continuous discovery, validation and control methodology. This is closely aligned to the NIST framework and Gartner’s Continuous Threat Exposure Management (CTEM) program, which recommends organisations establish regular repeatable cycles to establish consistent, actionable security posture remediation plans, that are easily understood at both a business operations and a technical level.
The initial challenge that BlueFort’s consultants helped Ian Butcher, IT Security Manager at Abri Housing meet, focused on the discovery pillar in the methodology. This meant identifying what assets the organisation had, where they resided, what its security state was, and, importantly for compliance purposes, what urgent remediations needed to be made.
Like many organisations, the true scope of Abri Housing’s attack surface exceeded its legacy vulnerability management approach, so clearly establishing and defining the organisation’s attack surface was also a critical first step; as this represents the most vulnerable entry points potential threat actors might look to exploit.
The discovery process identified all of the IT assets that make up the organisation’s attack surface—even ones that were not currently known or initially visible—uncovering hidden assets, misconfigurations and vulnerabilities.
To put effective controls in place, Ian’s team needed to have a 24/7 understanding of the total IT infrastructure, in order to identify potential and actual weaknesses in Abri Housing’s security posture.