THE DEFENDABLE NETWORK
Every organization views the business impact of IT and risk differently. That’s why cybersecurity recommendations should be balanced against unique culture and business requirements. Developed by Critical Start, The Defendable Network is a framework that aligns security improvement measures with an organization’s Security Readiness Condition (SecCon).
PREVENT. RESTRICT. DETECT. RESPOND.
Create an IT infrastructure that’s capable of being protected against attack and disruption. Critical Start’s proven framework, The Defendable Network, demystifies complex security standards, while also adapting to ever-evolving technologies and threats.
The Defendable Network framework combines controls for people, policy, and products to boost an organization’s ability to resist initial compromise, restrict lateral movement, and detect and respond to breaches while maintaining security governance. Influenced by popular frameworks like PCI, NIST, SANS, ISO, and ASD35, The Defendable Network simplifies implementation by providing defined, detailed, and actionable controls. These controls map to a specific SecCon level, which allows organizations to align their security efforts with their business objectives.
Prevent compromise before it happens. How could you benefit from a more proactive security approach?
If an attacker gets inside your network, how far can they go? Protect critical assets and information by restricting lateral movement.
Monitor network infrastructure to recognize suspicious activity and receive timely alerts. What’s your plan for failure?
Timely response is a critical component of any sound security strategy. What’s your approach to incident response?
security readiness condition?
From risk tolerance to budget constraints to compliance requirements, your business needs are diverse. That’s why we’ve developed a unique approach to evaluating Security Readiness Condition or SecCon.
Find Your SecCon Level with our quiz below.
SECURITY TO FIT YOUR STRATEGY
When it comes to security strategy, one size doesn’t fit all. Some organizations have basic needs when it comes to security. Their goals and needs are simple. Others must contend with compliance requirements, but their budget is still limited. Some organizations must protect highly sought-after assets and require advanced security protocols and intense manpower and expertise. And some organizations fall somewhere in the middle of the spectrum.
Our SecCon levels are described below. The Defendable Network framework maps to each of these levels to support the development of security programs that suit an organization’s own strategy.
Critical Start has developed detailed reference architectures for each our SecCon levels within The Defendable Network framework. View descriptions of each SecCon level and download the reference architectures below.
Security focuses on implementing controls that can prevent basic, automated attacks, without affecting any other aspect of the organization.
Given the nature of the organization, mandated compliance requirements drive the implementation of security controls.
Using their peers as a baseline, the organization implements security controls to meet risk acceptance while avoiding impact to user experience.
Leading the industry in security control implementation, the organization prioritizes a culture of security, with a heavy investment in the proper products to protect the business.
A breach of the organization could result in possible loss of life or a threat to national security. Most worried about nation-state sponsored attacks, security is prioritized over user-acceptance and cost.