By Brian Wilcox, CISO
Setting strategy and tactics to successfully execute the cyber defense of an organization, while effectively securing critical C-Level support, continues to be a subject of discussion across many organizations. Given that cyber criminals increasingly target businesses of all sizes, the need to accelerate the creation, hardening and modernization of defenses — in an environment with historically constrained resources — is critical to successfully combating nefarious actors.
With National Cyber Security Awareness Month upon us, we thought we would offer some basic advice on our top recommended initiatives for setting current and future business systems cyber security protections:
- Execute a centralized corporate information security program based on best in class compliance standards and frameworks (e.g., NIST, ISO, and CISQ).
- Implement a governance model and Enterprise Risk Management strategy to ensure corporate performance, compliance and critical C-Level engagement.
- Stand up a Security Operations Center (SOC) providing operational security services to ensure adherence to policy, mitigate risk and defeat cyber-attacks immediately or shortly after they are detected.
- Explore and adopt new adaptive cyber-attack defense technologies to address the gaps in current security defenses and render previously successful attack methods impotent.
The combination of the first three initiatives with a focused Information Security and Technology staff, coordinated with a highly refined set of SIEM tools, creates a formidable cyber defense in depth. However, with the evolution of new attack methodologies from state and criminal actors comes the understanding that this existential threat requires a next generation of cyber defenses. Therefore, it is vital to explore and adopt new adaptive cyber-attack defense technologies to address the gaps in current security defenses and render previously successful attack methods impotent.
The question becomes what constitutes the most effective next generation of cyber defenses. Given the exponentially growing number and severity of cybersecurity incidents, attack and mitigation strategies have been examined by several accredited institutions. The results point to an increasing need to reduce attack surfaces while providing an increasing return on investment (ROI).
My research has resulted in two areas that both reduce attack surface and provide ROI. The first area is access control: controlling who can do what. Regardless of your access control methods, it is possible to implement a preventative access control model that stops access before it happens. By only allowing authorized, authenticated communications on your network nodes, the level of nefarious and spurious network traffic is effectively reduced to zero. This provides both attack surface reduction and ROI. The technology I recommend most highly is provided by BlackRidge Technology.
Examining BlackRidge further, BlackRidge Transport Access Control (TAC) is an example of an adaptive cyber defense technology to start implementing now. BlackRidge TAC offers potent defenses against the most determined attacks, and it has been designed to work with and complement legacy networks, security infrastructure and applications.
The unique, innovative principles upon which BlackRidge TAC is based allow for continuous, adaptive protection from evolving threat types. Organizations adopting BlackRidge can change the current cyber-attack dynamic, giving themselves a distinct and lasting cyber defense advantage. Stopping attacks is part of the equation, but dealing with them once they are inside your perimeter is another problem.
The second area of adaptive implementation deals with the identification and remediation of nefarious anomalies inside your network perimeter. Using the various SIEM tools, identifying events is not difficult. In fact, that is part of the ROI problem: there are far too many identified events to effectively deal with every event or incident that happens inside your network. The problem remains who “fixes” all levels of events effectively while preventing major or even catastrophic damage to your business. The use of Artificial Intelligence (AI) to systematically detect and defeat cyber infections seems the most promising solution.
There are several companies on the cutting edge of providing adaptive AI solutions as an addition to a Security Operations Center / SIEM stack. One uses non-signature sampling, another uses mathematics, while yet another uses continuous diagnostics to mitigate and respond to threats.
Once your basic security programs are in place, these two additions to your cyber defenses will make it significantly more difficult to attack and breach your business services. Contact us to continue the conversation on how to successfully execute the cyber defense of your organization while effectively securing critical C-Level support.