“To know your future you must know your past” – George Santayana
This approach has been used for many years by computer security, risk management and compliance teams. However, through advancements in technology, disruptions in the market and advanced attacks, organizations are looking for innovative ways to stay ahead of the changing threat landscape. Though not a new strategy, current world events have highlighted the need to focus on digital transformation, break down information silos, use data effectively, ‘fail fast’ and empower the workforce to build a culture based on not just surviving, but thriving: being cyber resilient. Building resilience into the organization enables innovation, empowers individuals and teams, and leverages the power of varied work environments, be it remote, on-premises or in the cloud.
Going back to computer security, or more recently cyber security, resilience can be defined as ‘the ability of an organization to enable business acceleration by preparing for, responding to, and recovering from cyber threats.’ More specifically, Protect, Detect and Evolve are the foundations of a strong and resilient cyber program that is aligned with the organizational vision.
- Protection of the critical assets within an environment centered on identities, applications and data.
- Near real-time detection of an attack, or proactively addressing vulnerabilities, suspicious behavior or compromised identities.
- Evolving security policies and capabilities based on previous attacks or predicted future incidents.
Cyber resilience is a business enabler that allows organizations to innovate securely and can be applied to all areas of security as described below:
Resilience in Security Operations
Security Operations Center (SOC) teams, whether in-house or outsourced, are critical to the success of an organization by identifying and responding to cyber security events that will impact normal business operations across all environments such as IT, OT and IoT. On the other hand, these teams are suffering from data overload, a lack of skilled resources, and a misalignment with business priorities. Through the power of contextualized and parsed events, real-time correlation, intelligent analytics and automation, suspicious events will not only be flagged almost immediately but contextual details will be provided up front along with a response recommendation, a defined workflow and automated response capabilities, making a junior SOC analyst look like a rockstar (Tier 1 Analyst = 1, Adversary = 0). Hunt teams can trust that the needles they are looking for will be effectively identified early in the attack lifecycle, reducing the manual effort required and allowing a thorough analysis of event logs instead of firefighting. Frameworks such as MITRE ATT&CK are already embedded into the tools leveraged by the SOC, meeting security best practices and aligning with compliance needs.
Resilience in Application Security (AppSec or DevSecOps)
Application security, historically the Achilles’ heel of an organization, had developers and security teams pointing fingers at each other when it came to who was accountable for finding and addressing vulnerabilities in code. What about a vendor-developed app? Open source components? Mobile app security? Containers? Cloud-developed apps? DevSecOps? Imagine if all of these potential areas of risk could be assessed, consolidated and prioritized for the security team, but without changing the existing process for developers. Building resilience into the code from the ground up reduces the risk of vulnerable code being released into production while still meeting the target release date and functionality requirements. Imagine embedded analytics not only identifying potential risks but also detecting previously unknown risks that could be exploited, and then automatically fixing the vulnerable code and blocking any attacks if they were to occur.
Resilience in Identity and Access Management (IAM)
At the heart of any organization is its employees. What determines whether an organization is successful or not, regardless of the technology being used, is the ability of its personnel to understand the organization’s vision and then execute on that vision. The adversary knows this, and when defensive efforts aren’t focused on the new perimeter of the application layer, phishing emails about the pandemic, or authentic-looking emails from trusted partners, customers or vendors, abound. Even if most phishing emails are blocked ‘at the front door’, with remote work being the new normal, what about the entryways that aren’t being watched, such as the personal email basement door? Or the mobile email app? Supporting employees through these trying times can’t involve hour-long phone calls to the support desk to validate an identity. Imagine being able to categorize the risk level of an employee based on their previous activities and applying additional authentication controls if required. Managing hundreds to thousands of identities and policies across traditional, mobile and cloud-based systems can be centralized to save hours of administrative overhead with the deployment of simple technology.
Resilience in Data Privacy and Protection
Organizations are only as successful as the data they collect, analyze and act upon. Though the business model may be unique to each industry or organization, an effective strategy, be it for competitive differentiation or identifying patient health risks, can only be successful through in-depth analysis of the collected data to understand the customer, success criteria, failure criteria, and future direction. Being able to quickly act upon the data is a key factor in a truly resilient business strategy. The adversary is aware that organizations collect large volumes of data, including data that is highly sensitive either to an individual or to an organization, and will systematically test an organization for weak points to gain access to that data. There is no such thing as a silver bullet in security, but being able to build a data governance framework and then securing the sensitive data throughout its lifecycle significantly lowers the organization’s cyber risk. Imagine the ability to track all sensitive data regardless of its form, structured or unstructured, and to track all of the identities that accessed the data.
Resilience through Analytics
Business intelligence has been at the core of product- and service-driven organizations for many years but has historically run in a silo. By deploying analytics throughout the organization, data can be turned into intelligence, allowing the organization to make informed decisions across all business units. By augmenting human intelligence with machine intelligence, cyber resilience will not only provide basic contextual information but additionally predict and prescribe a recommended response to an event, incident, or threat. This capability will allow the security organization to evolve and monitor for advanced or previously unknown threats while continuously enhancing protective controls.
Help for Organizations on the Road to Resiliency
With our customers and partners, we are looking to build a more resilient world capable of withstanding physical and digital disruptions. That’s why I am glad to introduce CyberResilient.com, a new digital resource designed to support CISOs and other cybersecurity professionals in building their roadmap to cyber resilience and, ultimately, business resilience.
Guest post by Neil Correa, Micro Focus Cyber Strategist