Threat Based Cybersecurity — Automated
Lighthouse enables customers to use the same inputs, methodology, and processes as traditional DoDCAR and GovCAR analysis, including selecting a preferred Threat Framework, importing the latest Threat Assessment, Capability Mitigation Analysis, and Security Capability Coverage in relation to the threat. However, instead of the traditional manual process, Lighthouse uses testing platforms like Verodin to comprehensively, automatically, and proactively test the performance of a customer's cybersecurity controls against representative threat tactics. This approach provides significant benefits:
Empirical data on actual performance
Continuous validation and improvement of performance over time
Repeatable process that helps agencies tune currently deployed capabilities
Lighthouse represents a significant innovation for customers to prioritize their cybersecurity investments—ensuring they are focused on the most important threats. Lighthouse empowers Departments and Agencies to make threat-based risk decisions required by E.O. 13800.
Lighthouse allows users to select their preferred Threat Framework to use for the analysis. Current options include the NSA/CSS Technical Cyber Threat Framework and MITRE ATT&CK. Lighthouse maps these tactics to test actions, conducts the test against customer systems, and provides the results to assess overall capability coverage.
Lighthouse imports threat assessments and allows users to customize according to specific user requirements. This process can be automated as new information is revealed.
Capability Mitigation Scoring
Conducting comprehensive tests and pulling results from test platforms, Lighthouse quickly assesses what portions of your security controls are working and which portions need help.
By combining threat assessment with capability scoring, Lighthouse can identify the current attack surface. It identifies priority gaps and areas for further analysis.
“Both the enhanced metrics and the GovCAR program will help set the direction for Federal cybersecurity for years to come”
Suzette Kent, Federal CIO and Grant Schneider, Acting CISO and Senior Director for Cybersecurity Policy