In May we wrote about how you must first have a solid foundation before you can implement resilient cybersecurity, drawing heavily from for the first part of “Forrester’s Targeted-attack Hierarchy of Needs” report by Forrester Research, Inc., Principal Analyst Rick Holland. The second half of that report was just published in late July. With the foundation in place, this report focuses on the top two tiers of the Hierarchy of Needs: Prevention and Detection & Response.
By way of review, Holland declared that targeted cyber-attacks are the new normal. Gearing up to meet such focused attacks takes planning, skills, and dedicated resources, most typically found in large organizations and corporations. Of course, size does not exempt any company from the evil efforts of cybercriminals, only its ability to prepare and defend.
As trusted partners of our customers, its incumbent upon us to understand forces potentially impacting your business, how they may affect services we provide, and the counsel we offer. Even though Peak 10 may directly contribute to only a portion of our customers’ business requirements, our mission is to help make the entire entity successful.
One thing is clear. This is a war. It is being waged by a highly sophisticated, organized and relentless enemy that is constantly on the offensive. This could leave one to conclude that prevention is futile and, instead, to focus resources on detection and response. Not a good idea.
Without prevention measures in place every attempt to get inside your security perimeter – from the innocuous to the truly invasive – will require your attention. It’s like having screens on your windows; the finer the screen mesh, the fewer biting insects will invade your space. Add a bug zapper or Mosquito Magnet to the patio area and reduce threats even more.
It can be easy to go too far and have screens so fine that air doesn’t circulate well and vision is obscured, or noise from the zapper that makes it impossible to get peace and quiet. Cyber defense measures can also be so onerous that users are unable to work.
Even with prevention, some trespassers always seem to get through though and need to be reckoned with. You may not want them, but they want you. That’s where detection and response come in.
Be they insects or cyber criminals, plenty of vendors and lots of products are available to help you eradicate the enemy. It would be great if there was just one spray can that could do it all. There isn’t, which is why we often end up with a closetful of remedies. Each is intended for a specific species of critter. Some work better than others. Their effectiveness may have been diluted by time. Attackers may have built up resistance or a new invasive species appears on the scene.
This is where Analyst Holland recommends a multi-pronged detection and defense strategy, what he calls the four pillars. An adequate defense is composed of a combination of:
- malware analysis, which determines whether intent is malicious by either testing code from within via a debugger or inspecting how the code is designed to function.
- network analysis and visibility, which employs a diverse set of tools that track, analyze and correlate network activity from multiple viewpoints to detect abnormal activity at any given point in time.
- endpoint visibility and control, which is prevention of bad behavior, monitoring for bad behavior, or a combination of both at the far-flung reaches of the extended enterprise.
- security analytics, which will go beyond the current limitation of security information management/ security information and event management (SIM/SIEM) capabilities but, at its present state, is not yet effectively productized for off-the-shelf application.
The report goes into extensive analysis of each of the four pillars, the ever-expanding technology directions and the dynamic vendor landscape. From an industry point of view, this is very much a work in progress as the technologists and engineers work to stay steps ahead of coming attack waves. We will offer only a high-level overview here to give you a sense of the purpose of each.
This very detailed and comprehensive Forrester report wraps up acknowledging that many organizations have far to go to implement the four pillars. Forrester recommends that businesses start with a roadmap for building out each pillar, such that you create an integrated technology stack.
“You must remember that creating an integrated portfolio that enables orchestration should be a core tenet of your architectural, process, and product/service decisions,” Holland writes.” When evaluating technology, prioritize vendors that offer multiple pillars as well as those that have third-party integrations that make operationalizing the solution effective. You don’t necessarily need a single pane of glass but you should have a common user experience.”
At this stage of security technology development and vendor innovation, Peak 10 services may help by serving as a part of your continually evolving solution. As with prevention measures discussed at the beginning of this blog, managed security services can help take of some of the pressure, allowing you to concentrate on the bigger, more complex aspects of cybersecurity.
As always, we are in it with you, today and tomorrow.