Regaining the Defensive Advantage in Cybersecurity
Disease may be the best metaphor for our cybersecurity status, and Security Architects Partners has recorded a webinar diagnosing possible cures. With some special guests, we covered core prevention mechanisms, smart deception techniques to turn the tables on cyberattackers and a combination of situational awareness and community-based defense to enhance detection, response and adaptability.
The idea for a Regaining the Defensive Advantage webinar germinated from an RSA conference press room discussion of the sense of defeatism in the industry. Defeatism has come both from analysts and from vendors. Analysts have moved from saying things like “you should assume your network is already compromised” (Dan Blum, circa 2009) to “Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence” (Neil MacDonald title, 2014). And network security vendors at the RSA show battled to outdo one another with messaging something like: “You’re already penetrated by APTs! Buy our detection product!”
We continued the sense-of-defeatism discussion on the LinkedIn security architecture group and attracted much interest. Three colleagues agreed to join me as special guests on a webinar to really dive into defensive advantage. A great recording (and perhaps a future whitepaper) was the result.
Prevention is NOT Futile
Gone are the days of Clausewitz and Sun Tzu, when military doctrine held that attackers require a three-to-one or five-to-one numerical advantage to overcome a fortified position. Modern warfare, with its motorized vehicles, air forces and drones, is much more dynamic, and cybersecurity is more dynamic still. But – NEWS FLASH – although our cloudy BYOD enterprise IT environments may be the definition of dynamic, we can fortify core positions within them and slow the bleeding. In the webinar recording, Doug Simmons discusses core defense mechanisms such as privileged access management, network zoning, data masking, database audit/protection and more.
Although we’ve long held it to be one of our primary security postures (prevent, detect, deceive, respond and adapt) in a comprehensive approach to security, deception has been treated like the black sheep of the family. You won’t find deception on vendor marketing brochures, and it’s hardly talked about in most security strategies. And that’s a shame, because deception wins battles in the world of warfare. In the world of cybersecurity, where attackers enjoy multiple asymmetrical advantages, why not use this time-honored strategy to regain some defensive advantage? In the recorded webinar’s second section on “Confusing and Delaying Attackers,” special guest Fred Cohen covers the concept of deception in networks, applications and infrastructures, showing that it is both practical and effective with the technology organizations have deployed today.
In “How can we improve situational awareness and rapid response capabilities?” Chris Blask explains that situational awareness is about much more than security analytics, although we think some of the advanced detection solutions vendors are selling may be effective at detecting stealthy malware or malicious insider activity. Unfortunately, cyberattackers are always adapting, making security analytics just another weapon in the never-ending arms race. Blask explains that situational awareness extends to understanding the organization’s risks, security posture, IT and information assets and user constituencies and – with that organizational awareness – consuming shared security data from tool telemetry and industry partners via the ISACs and other sources. Only by leveraging knowledge sharing with the community, as well as consuming information on new threat indicators, can organizations harness the power of many just as cyberattackers do on the dark side. As we wrote a few weeks ago, it takes a network to fight networks.
Listen to the Regaining the Defensive Advantage webinar at this link.