Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities.
Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATTCK and D3FEND frameworks, the DRI scores an organisation’s readiness to respond to cyberattacks, the firm said in a press release.
It also provides cybersecurity upskilling rooted in United States Department of Defense and NATO training to help teams to prepare for threats, it added.
Strong and effective cyber readiness can be challenging for many organisations. The latest Cisco Cybersecurity Readiness Index, which ranks companies in four stages of cybersecurity readiness (beginner, formative, progressive, and mature), found that more than half of organisations fall into either the beginner or formative category, with only 15% in the mature stage.
Identity management is recognised as the most critical area of concern with 58% of organisations either in the formative or beginner category, while 56% of organisations were at the lower end of the readiness spectrum for network protection.
DRI ranks organisations’ cybersecurity readiness on a scale of 1 to 5
The DRI pinpoints weaknesses in an organisation’s cybersecurity capabilities, enabling them to assess skills gaps and implement strategic recommendations to plug them, RangeForce said. It also informs senior management with objective metrics, providing visibility into the strength of their cybersecurity teams.
The DRI ranks organisations on a scale of 1 to 5, each with its own set of controls and practices to provide visibility into where defensive teams stand in terms of competency against cyberattacks, RangeForce said.
Furthermore, it provides insight into a team’s mix of demonstrated skills, their capabilities to detect and disrupt threats, their ability to collaborate on investigations, where skill gaps exist, and the associated costs, it claimed.
A roadmap helps companies focus on the skills needed to move up to the next level (or to remain at the same level as the threat landscape evolves over time) while assessment and reporting mechanisms are enhanced to help businesses measure progress.
DRI incorporates US DoD, NATO cybersecurity training
The DRI draws upon collaborative work with the US Department of Defense (DoD) and NATO. “NATO runs the largest international cybersecurity exercises in the world, and defends against nation-state level attacks,” said Taavi Must, co-founder and CEO, RangeForce.
“But we found – when it came to defense – even their teams needed to practice using real tools, in real time, under stressful conditions. We developed customised training to provide visibility into skills gaps, and to identify areas for improvement. Then we focused on scaling our platform, extending the same benefits to everyone with the launch of RangeForce.
“Based on DRI results, teams are provided a curated training plan built from RangeForce’s library of 1000-plus on-demand training modules,” Tanner Howell, global director of solution engineering at RangeForce, tells CSO.
“For example, let’s say an organisation is targeting a DRI level of 4. If, when they complete a team exercise at that DRI level, they are not able to appropriately deconstruct the malware to mitigate the threat, they will be given a curated training plan including RangeForce modules specifically focused on differing malware deconstruction techniques.”