Most security frameworks describe the enterprise as a collection of assets: servers, endpoints, cloud instances, applications, users. You protect the assets. You monitor the assets. You manage risk to the assets.
This framing is not wrong. But I think it is incomplete in a way that matters.
Assets are the components. What those components constitute together is something more dynamic - a living, interconnected digital organism that the enterprise depends on entirely for its operations. I call this the digital tone of the enterprise.
Digital tone is the sum of how an enterprise exists and operates in the digital world. Every system connected internally and externally. Every workflow that depends on digital infrastructure. Every supplier relationship mediated through digital channels. Every customer interaction, every internal collaboration, every operational process that requires digital connectivity to function. This is the enterprise breathing. Pull the network plug and the enterprise stops. The digital tone is that fundamental.
What makes digital tone powerful as a security concept is its specificity. Every enterprise has a bespoke digital tone - unique to them, even if they use identical technology stacks to their competitors. Two financial services firms running the same cloud providers, the same endpoint tools, the same SaaS applications will have completely different digital tones because of how their people use those systems, what their operational rhythms look like, what their specific entity relationships and dependencies are.
This specificity is what makes generic security approaches insufficient. A threat intelligence feed that describes adversary behavior in generic terms is useful. The same intelligence applied to the specific digital tone of your enterprise, connected to your specific asset topology, your specific control posture, your specific behavioral baselines, becomes genuinely actionable.
It is also what makes detection fundamentally a pattern recognition problem rather than a rule-matching problem. If you deeply understand the digital tone of an enterprise, how it normally breathes, you can recognize when something disturbs that rhythm. An anomaly in the digital tone. A dissonance that shouldn't be there. That recognition does not require a rule that anticipated the specific adversary technique. It requires genuine understanding of the normal system and the ability to perceive deviation from it.
Building this understanding, modeling the living digital tone of an enterprise formally, through taxonomy and ontology and entity resolution and behavioral analytics, is the foundational work of the Resolution Intelligence CloudTM. Not classifying assets. Modeling a living system to fundamentally transform cyber risk management.
If you understand how the enterprise breathes, you know immediately when something is wrong with the breath. That is the security capability worth building toward.
*Part of my ongoing series on data science and the future of security operations.*