Security systems are evolving. In the past, security systems involved defense rooted in perimeter security, endpoint protection, and technologies focused on dealing with the fallout from an attack. This is no longer the case, however, as the focus has shifted to proactivity, improving the ability to detect an attack, and improving response abilities, such as adversary identification, in and out of network containment, and the implementation of new technologies such as threat intelligence and data analytics.
The first annual ALM Cyber Security conference, hosted in NYC, featured an opening panel moderated by Mauricio Paez, and was intended to provide security experts from a range of fields, including financial, legal, and insurance to name a few, with the necessary tools needed to defend against increasingly complex attackers.
“Proactivity: The Evolution of Cybersecurity Preparedness”, the first panel, features experts from a variety of backgrounds and industries ranging from consultants and third party vendors to government employees. The panel was compiled of:
- Dennis Brixius, Vice President of Risk Management and CSO at McGraw Hill Financial
- Jonathon Couch, Vice President of Intelligence Information Services at iSIGHT Partners
- Stephen Doty, Managing Director of Security Science at Stroz Friedberg
- Bill Sieglein, Founder of CISO Executive Network
The panel was introduced with the cited goals as being to dispel the “misconceptions about what active defense really means.” Paez explained, “what we’re talking about is an approach that really composes of various actions, such as intrusion detection, intelligence gathering, identifying the origin of attack using traceback measures. It is helpful to think of active defense as a broad spectrum of increasingly aggressive measures that entail more than merely hardening the network“.
Traditionally, active defense measures include such things as honeypots, beaconing, and sink-holing, however, companies are more often looking outside of their own network in order to engage hackers. Couch advised looking outside of your network, at what the rest of the world is doing, who they are, as well as their method and state in order to move away from a reactive state.
Other members of the panel agreed with taking an informative approach, stating that ultimately the goal is achieving real-time system monitoring. The easiest way to achieve this goal is to fully understand threats. Brixius explained, “Active defense means going out there, and really understanding who is attacking you“.
The panel explained that taking a passive active defense strategy may be an advisable approach to obtaining such information. Doty stated, “A lot of our active defense measures are oriented towards just watching what the attacker is doing over the course of the investigation”. It also helps to not only monitor, but to have an understanding of what you are monitoring.
Many companies have no way to interpret their logs in order to create actionable outcomes. Without putting a plan into action, monitoring capabilities are not making full use of their resources. If a company has no desire to engage in an offensive strategy, then the key is to investigate the infrastructure of the attacker.
According to Sleglein, many of the CISOs within his network prefer a wait-and-see approach when it comes to the best way to engage attackers. However, he has found that the best use of resources may not even be a tool, as attackers easily adjust and tools become quickly outdated. He instead insinuates that that companies wishing to engage attackers should instead hire someone who can constantly be “on the hunt”.
It is understandable that an offensive strategy is not the right approach for everybody. The first step to any active defense program is an internal assessment so companies are able to fully understand any abnormal behaviors on the network and identify them as soon as possible. Resources are also a big factor in determining what security path is best to take. An active defense strategy may not be a worthwhile investment of funds for a small mom-and-pop shop.
The end result, however, is that all involved panel members agreed that organizations need some sort of capability to identify threats, looking not only at internal vulnerabilities to see where they are likely to strike, but also at outside information, including emerging attacker infrastructures.
Discover the most effective way to protect against threats. Contact Bralin Technology Solutions at (306) 445-4881 or (306) 825-3881 or email us at firstname.lastname@example.org to learn about our managed IT services. We’ll keep you secure and productive for a flat-rate monthly fee.