
Why true cyber resilience takes a measured approach

John Delk, GM, CyberRes

When it comes to cyber resiliency, there's no Big Bang theory. It's best to take a methodical approach based on a solid framework.

Organizations that think they can address all their cyber-resiliency needs in one fell swoop often narrow their focus to fit that single-bite-of-the-apple approach, and as a result fail to become fully secure. Taking a systematic and thoughtful approach leads to a better outcome.

As Micro Focus Security CTO Mark Fernandes wrote recently on TechBeacon, with the pandemic, enterprises have had to pivot to survive—but savvy organizations have seen the pandemic as an opportunity to thrive. He noted that they are assessing how they do business—how they manage their supply chains (think SolarWinds), their vendors, and their workforce. For those organizations, the barriers to digital transformation are dissolving, and they are striving to become more resilient.

But building cyber resiliency right is a lot like removing an old tree in your backyard. In the forest, it may be okay to cut from the bottom and yell, "Timber!" but in the backyard, plenty can go wrong with that approach: fences, utility lines, and landscaping can all suffer unintended consequences. That's why professional tree removers approach the task methodically.

They take a tree down limb by limb before they start cutting the trunk, small section by small section, working all the way down to the base. Each time they make a cut, they stop and lower what they have cut down on ropes before cutting the next piece. It takes teamwork between the one doing the cutting and the ones on the ground.

The tree removers' level of precision and focus allows them to meet the objective of cutting down the tree without unintended consequences. Here's why you should take a similar approach to cyber resilience.

Framework options

By developing and following a framework, an organization can approach cyber resiliency with the precision, focus, and teamwork of the tree removers. A number of such frameworks are available in the public domain. For example, the US National Institute of Standards and Technology (NIST) came out with a cyber-resilience engineering framework (NIST SP 800-160, Volume 2) that provides goals, objectives, and techniques. NIST's framework—like its sister framework on cybersecurity—is a cross-disciplinary framework for cyber-resilience teams to follow.

In addition, a full-featured cyber-resiliency framework, called the CERT Resilience Management Model, has been published by the Software Engineering Institute. MITRE, too, is offering a framework. Its Cyber Resiliency Engineering Framework has the flavor of its ATT&CK framework, with its mapping of cyber-resilience techniques to objectives.

Whether you choose to use a framework or not, a good cyber-resiliency program should be built on three pillars: protect your data, detect your threats, and evolve your resiliency posture.

Protect your data

A cornerstone of a good cyber-resiliency program is protecting your data from cyber threats with identity governance, application vulnerability detection, and persistent data protection.

On the identity front, reduce risk throughout your ecosystem with end-to-end identity lifecycle management for users, devices, services, and other things. Determine trusted identities quickly so people have access to the resources and data they need, when they need them, in real time—without exposing your data to innocent actions from users. Use machine learning to adjust authentication requirements based on observed behaviors and calculated risk.

Application vulnerability detection measures to build resiliency include finding vulnerabilities in all application types—whether they be on premises or in the cloud—at scale and as early as possible in the development lifecycle. It also includes finding security flaws in source code, both custom and open source, and integrating developer-friendly processes into the CI/CD pipeline. This shift-left approach to security can be accomplished without slowing down dev teams.

Meanwhile, all critical data should be secured at the source. Structured and unstructured data need to be encrypted with persistent protection. Policy-based data protection should be implemented to ensure secure collaboration and productivity—while protecting privacy.

Detecting threats

Detecting threats is also important to a resiliency regimen. Machine-aided detection, automated hunting, and advanced situational awareness can be used to obtain real-time visibility into threats.

Analytics-driven solutions can be used to make smart decisions about your security posture and focus on what really matters. To determine what really matters, you need to discover, secure, and govern sensitive and high-value data. That includes finding and analyzing all your structured and unstructured data, controlling your data wherever it is with security that's cloud-agnostic and multi-cloud, and enabling privacy and regulatory compliance to protect your brand and reputation and build customer trust.

Part of resilient threat detection is avoiding being bogged down with false positives. Unsupervised machine learning can help you cut through noise at scale. ML can enable monitoring and validation of threats based on observed behaviors and calculated risk.

In addition, human intelligence can be augmented with machine intelligence to identify anomalous behavior and unknown threats. Rich data analytics can also be created with artificial intelligence to alert or automatically encrypt data derived from risk-based results, while behavioral analytics can be used to analyze runtime behavior of code in motion to identify security vulnerabilities and areas of risk.

You can improve the effectiveness and response time of your threat detection efforts by eliminating manual tasks through automation and orchestration.

Continuous evolution

An organization's security posture must continue to evolve to remain resilient. That requires staying ahead of cyber threats and risks and making smart security decisions with intelligent, analytics-driven solutions.

One way to evolve the resiliency of your security posture is through creating a heterogeneous hybrid environment that includes existing or new security services. Those new offerings might include adding security-as-a-service capabilities to improve service delivery efficiency; integrating protections across identities, apps, and data to cover gaps that span complex use cases; creating a unified view of your environment; and simplifying your deployment model to achieve faster time to value.

Another evolving aspect of your security posture is your supply chain. You can improve its resiliency by customizing protections by industry and domain. The unique industry intellectual property, deep knowledge, and best practices of partners can be leveraged to build controls into your existing products.

You can make smarter decisions with data science. With machine learning, mathematical models, and visualization capabilities to analyze, correlate, and view data across threaded use cases, you will be able to make smarter analytically driven decisions.

However you choose to build your organization's resiliency, don't try to do it overnight (like cutting your tree the wrong way). You'll find a methodical approach will deliver what you want, and avoid the kinds of security gaps that can lead to embarrassing consequences in the future.
