Next Gen Security. Perspective Changes!
Established models of cyber security are changing, and they are changing fast. Three key factors drive this change:
- The growing span and complexity of the cyber infrastructure
- The emergence of key new technologies
- The adaptive, highly agile nature of threats
Our current set of security technologies, mostly built on the principles, architectures and perspectives of the internet, network and enterprise models of the late 1990s and early 2000s, will be obsolete within this decade.
This article discusses some key elements of the new thought framework that most CISOs and CIOs are adopting or have already adopted.
The key elements are the three points discussed in the sections below. Together they mark a departure from the old and still prevalent thought model of security, which hinges on:
- Lock it
- Check it
- Keep a record of who did what
It is well established that no matter how many security measures and technologies are adopted, something will be missed, or someone will find a smarter way of stealing things. With that hindsight, it is only reasonable to depart from the lock-and-check model of security.
Reduction of Attack Surface
One emerging element of security strategy design, and of the corresponding operational model, is the realization that a smart way to reduce threats is to reduce the attack surface an attacker has into your organization. It is a late realization, but an apt one. Seemingly unrelated actions that reduce the attack surface can have a significant positive impact on your security posture.
One example is a shared or virtual desktop environment without local storage. For too long we have handed full-fledged PCs to people who will never use a productivity application that needs local computing resources. Removing those PCs and replacing them with a virtual desktop setup reduces the points of entry into your environment, and with them the attack surface. The caveat is that the virtual desktop hosts and brokers then become a concentrated target, so they must be hardened and patched with the same discipline you would apply to any other shared service.
There are many more such possibilities. Look deeper and you will find opportunities to reduce the attack surface in almost every IT operations and security operations process.
Improve Detect and Respond Capability
Threats today have an ever-shorter interval between emergence and damage. From the moment a new threat appears in the hyper-connected world to the point where your enterprise is at risk, there is hardly any time; it is usually measured in hours.
With this threat emergence and impact landscape, detection and response is more likely to save the day. Organizations have always had some detection and response processes, systems and technologies in place, but with the following caveats:
- They cannot detect threats in real time
- Response time is slow
- Responses are not robust
- Detection covers only certain portions of the environment
Today organizations need to look for technologies and a response model that are real time from both the detection and the action point of view. Specific technologies such as EDR (endpoint detection and response) can improve detection at the endpoints that get neglected because of their sprawl.
Organizations will also need to look outside their internal security teams where capacity, capability or bandwidth becomes an issue. MSSPs can provide 24×7 detection and comprehensive response capability.
Predictive Identification of “Potential Risks & Threats”
A wealth of security-relevant information is buried within the company's own data and application vaults. This information is not only helpful in dealing with APTs; it also makes decisions and protections smarter.
Most organizations have not figured out how to use the patterns that exist within enterprise data to take action and improve their security posture. It is a challenging task from both a technology and a procedure point of view.
A program-like approach will work here: collect patterns, identify concerns and threats, and allocate responsibility to people to take action. Organizations need to develop an attitude and approach that respects the patterns lying within their own data.
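The two preceding sections argue for real-time detection and for mining the patterns already present in enterprise data. As an added example that is not part of the original article, the script below runs two such pattern rules over constructed authentication log lines: it learns which (user, source) pairs are normal from a baseline period, then flags a burst of failures followed by a success from the same source, and any successful login from a source never seen for that user. The log format, field names, thresholds and all sample lines are assumptions made for the example; adapt the regular expression to whatever your own identity provider or SIEM emits.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real data). Lines before 2024-03-03 form the
# baseline of "normal" logins; lines from 2024-03-03 onward are under review.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z auth user=alice src=10.1.4.20 result=success
2024-03-01T08:05:42Z auth user=bob src=10.1.4.31 result=success
2024-03-02T09:10:05Z auth user=alice src=10.1.4.20 result=success
2024-03-02T09:12:30Z auth user=bob src=10.1.4.31 result=success
2024-03-03T22:14:01Z auth user=bob src=203.0.113.9 result=failure
2024-03-03T22:14:03Z auth user=bob src=203.0.113.9 result=failure
2024-03-03T22:14:05Z auth user=bob src=203.0.113.9 result=failure
2024-03-03T22:14:07Z auth user=bob src=203.0.113.9 result=failure
2024-03-03T22:14:09Z auth user=bob src=203.0.113.9 result=failure
2024-03-03T22:14:12Z auth user=bob src=203.0.113.9 result=success
2024-03-03T23:01:00Z auth user=alice src=198.51.100.7 result=success
"""

# Assumed line format: "<ISO timestamp> auth user=<name> src=<ip> result=<success|failure>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)


def parse(log_text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]})
    return events


def learn_baseline(events, cutoff):
    """The (user, src) pairs that logged in successfully before `cutoff`: what normal looks like."""
    return {(e["user"], e["src"]) for e in events
            if e["ts"] < cutoff and e["result"] == "success"}


def detect(events, baseline, window=timedelta(seconds=60), threshold=5):
    """Run two pattern rules over events (assumed to be in time order) and return findings."""
    failures = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    findings = []
    for e in events:
        key = (e["user"], e["src"])
        q = failures[key]
        # Sliding window: drop failures older than `window` relative to this event.
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if e["result"] == "failure":
            q.append(e["ts"])
            continue
        # Rule 1: success preceded by a burst of failures from the same source.
        if len(q) >= threshold:
            findings.append({"kind": "brute_force_then_success", "user": e["user"],
                             "src": e["src"], "ts": e["ts"], "failures_in_window": len(q)})
            q.clear()
        # Rule 2: success from a source never seen for this user in the baseline.
        if key not in baseline:
            findings.append({"kind": "new_source_for_user", "user": e["user"],
                             "src": e["src"], "ts": e["ts"]})
    return findings


def run_sample():
    """Learn the baseline from the sample, then review everything after the cutoff."""
    events = parse(SAMPLE_LOG)
    cutoff = datetime(2024, 3, 3, tzinfo=timezone.utc)
    baseline = learn_baseline(events, cutoff)
    review = [e for e in events if e["ts"] >= cutoff]
    return detect(review, baseline)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the sample, the script raises three findings: the brute-force-then-success on bob's account, the fact that the successful source for bob is new, and alice's login from a never-seen address. The second and third findings are the "patterns in your own data" the section describes; the first is the real-time case, and both need an owner assigned to act on them, which is the allocation step the program approach calls for.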
Increasingly, CISOs will need to pivot their new strategies around the thought framework represented by these three points.
It is only natural to shift focus...
- From asset to attack surface
- From protective to preemptive
- From 'lock all doors' to 'respond in real time'