Five Interconnected Concepts to Enhance and Transform Enterprise Cyber Security
Author: Mirza Asrar Baig, CEO and Founder, CTM360®
The challenges of enterprise security grow every day and continue to outpace the defenders. The risks are high, but so are the stakes motivating the acceleration of digital transformation on the 4th industrial revolution journey. Enterprise security is a significant factor in that success and is also a board-level agenda item.
Though the current approach deploys plenty of security technologies inside the network, the external aspect receives far less attention than it requires.
Complementing this view, here are five interconnected concepts to enhance cybersecurity and win this losing war.
Redefining Cyber Security
Research the definition, and you will come across various aspects of Cybersecurity. Most security vendors have attempted this task, with variations befitting their product concepts. Even Wikipedia goes as far as equating Cybersecurity with IT security.
A better approach would be to compare the security organization of the physical world with that of the virtual world, using the missions of the Police, the Military, and an Intelligence Agency.
- IT Security is about enhancing the user experience within a secure environment, similar to the police enabling more freedom for citizens.
- Information Security is about securing information assets, similar to the military, which may compromise citizens’ freedom in order to secure critical infrastructure.
- Cybersecurity is neither about people nor assets; similar to an intelligence agency, the focus of cybersecurity is on identifying and neutralizing attacks as early as possible.
We need to appreciate the nature of each individual mission, as it would be challenging to expect the same team to perform all three.
Enterprise Cyber Security - Offensive Defense
The world of enterprise security has always consisted of layers of defensive technologies, starting from the perimeter to the network and up to the endpoint and data. Take the firewall as an example: an infrastructure firewall, Web Application Firewall, web proxy firewall, email gateway firewall, and endpoint firewall. Similarly, we have multiple technologies with specific purposes, and each year a new concept with some additional technologies is introduced. These technologies are defensive, in that they detect and block intruders inside or at the perimeter of the organization’s network.
By comparison, much less effort is dedicated to an offensive defense approach: dismantling the attackers’ infrastructure. Do note that many cybercrimes may have their full lifecycle outside your network. There are multiple scenarios where ‘the best defense is a good offense’ applies. That would require monitoring and neutralizing attack attributes in the attacker’s territory (the internet/cyberspace) to eliminate threats in their infancy.
Enterprise Cyber Security - IOCs vs. IOEs, IOWs, and IOAs
The current defense-in-depth approach offers layers of security technologies inside your network, primarily operating on the concept of blacklists. These are considered signatures of malicious events; hence, whenever an event matching a signature is identified, the corresponding technology blocks that event from proceeding any further. This is excellent, and to ensure maximum value the blacklists should be updated promptly; at times, this may happen multiple times a day. The industry names them ‘Indicators of Compromise’, where the word ‘compromise’ itself explains that the event has already happened inside the network, even though it may have been blocked.
We should also consider what can be done before the attack reaches the network or customers. This is best explained in ‘The Cyber Kill Chain’ by Lockheed Martin, where we have the pre-compromise stage in which the attacker conducts reconnaissance or sets up attack attributes. If we can detect such attributes at this stage, they would be considered ‘Indicators of Warning’; similarly, the same attributes would be regarded as ‘Indicators of Attack’ if we miss them at the warning stage and only identify them during the attack stage. Finally, we also have misconfigurations in our internet presence that may allow the attacker an easy compromise. The continuous monitoring and identification of vulnerabilities within your own internet presence are considered your ‘Indicators of Exposure’.
Takedown ++
Incident response is very challenging to conduct effectively across the internet. The industry typically calls these actions ‘takedowns’, as most of the time the expectation is that the only possible response is the takedown of the malicious content, be it a website or a social media impersonation. A broader approach would be that all data attributes which are part of an attack should be identified and mitigated. This amounts to dismantling the attack infrastructure and making a comeback difficult. Appropriate responses go beyond takedowns and may include a shutdown, domain suspension, account revocation, deindexing, etc. This would also mean extensive investigations, when and where applicable. All this seems like an expensive proposition, as the probable workload may seem very open-ended. However, with the help of AI and automation, this can be estimated and offered at an affordable fixed yearly fee with unlimited investigations and incident responses.
Enterprise Cyber Security - Comprehensive DRP stack
Digital Risk Protection (DRP) is the term used to define an organization’s function that is expected to identify and manage cyber threat data attributes that either reside across the internet or are visible from the internet.
This starts with identifying and cataloging the organization’s digital footprint, including but not limited to its genuine domains, websites, digital certificates, social media profiles, etc. Next is to ensure there are no apparent weaknesses in the footprint that an attacker may exploit.
The more significant challenge is to continuously be on the lookout for any suspicious or malicious incidents that may reflect a cyber attack. Do note that in the world of cybercrime, attacks come in many scenarios and are always evolving innovatively. Timely detection and mitigation are key.
It also requires a vigilant team that anticipates attacks and, accordingly, hunts for all possible attack data points to detect and mitigate cyber-attacks proactively. All of the above require various sets of tools and practices that are usually acquired from a combination of multiple vendors. The challenge of leveraging solutions across multiple vendors dilutes the overall effort. The best option is to get it all as a single all-inclusive stack.
By utilizing these five interconnected points, organizations will have a better grasp of their overall security posture. Do keep in mind that cybersecurity is not the answer to all enterprise security problems; however, it will complement existing IT and Information Security teams’ efforts, thereby enhancing and strengthening an organization’s overall security posture at different levels. Adoption of these methods will ensure a proactive, active and stable approach to security.
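The two DRP steps described above (catalog the footprint, then check it for weaknesses) and the ‘Indicators of Exposure’ and ‘Indicators of Warning’ categories from the kill-chain section can be made concrete with a small script. The following is an added example, not code from CTM360 or from the article: it runs ‘Indicators of Exposure’ checks (expired or soon-expiring TLS certificates, missing SPF/DMARC on mail-sending domains, expiring registrations) over a constructed inventory of a fictional organisation’s domains, and then flags newly observed domains that look like the organisation’s own brand label as ‘Indicators of Warning’. The Asset schema, the sample data, the fixed clock, the digit-to-letter substitution table and the similarity threshold are all assumptions chosen for illustration; a real deployment would populate the inventory from DNS, certificate-transparency and registrar data.

```python
"""Minimal Digital Risk Protection checks over a constructed footprint inventory.

Assumptions (illustrative, not from the article): the Asset schema, the sample
data, the fixed clock and the lookalike heuristic are all made up for the example.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from difflib import SequenceMatcher
from typing import List, Optional, Tuple


@dataclass
class Asset:
    domain: str
    cert_expires: Optional[date]          # notAfter of the certificate seen on the host
    spf: Optional[str]                    # TXT record at the domain apex, if any
    dmarc: Optional[str]                  # TXT record at _dmarc.<domain>, if any
    registration_expires: Optional[date]  # registrar expiry of the registrable domain
    sends_mail: bool = False              # only mail-sending domains need SPF/DMARC here


# Constructed sample inventory for a fictional organisation; none of these are real assets.
INVENTORY: List[Asset] = [
    Asset("example-bank.com", date(2024, 9, 1), "v=spf1 include:_spf.example.net -all",
          "v=DMARC1; p=reject; rua=mailto:dmarc@example-bank.com", date(2025, 1, 1),
          sends_mail=True),
    Asset("portal.example-bank.com", date(2024, 6, 5), None, None, date(2025, 1, 1)),
    Asset("example-bank.net", date(2024, 3, 1), None, None, date(2024, 6, 10)),
    Asset("newsletter-example-bank.com", date(2024, 12, 1),
          "v=spf1 include:_spf.example.net ~all", None, date(2025, 1, 1), sends_mail=True),
]

TODAY = date(2024, 6, 1)  # fixed clock so the example is reproducible

Finding = Tuple[str, str]  # (domain, issue)


def indicators_of_exposure(assets: List[Asset], today: date = TODAY,
                           horizon_days: int = 30) -> List[Finding]:
    """Misconfigurations in your own footprint that would give an attacker an easy way in."""
    horizon = today + timedelta(days=horizon_days)
    findings: List[Finding] = []
    for a in assets:
        if a.cert_expires is None:
            findings.append((a.domain, "no TLS certificate observed"))
        elif a.cert_expires < today:
            findings.append((a.domain, "TLS certificate expired"))
        elif a.cert_expires <= horizon:
            findings.append((a.domain, f"TLS certificate expires within {horizon_days} days"))
        if a.sends_mail:
            if not (a.spf or "").lower().startswith("v=spf1"):
                findings.append((a.domain, "no SPF record"))
            if not (a.dmarc or "").lower().startswith("v=dmarc1"):
                findings.append((a.domain, "no DMARC record"))
        if a.registration_expires is not None and a.registration_expires <= horizon:
            findings.append((a.domain, f"domain registration expires within {horizon_days} days"))
    return findings


# Digits commonly swapped for letters in lookalike names; an illustrative subset only.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def brand_label(domain: str) -> str:
    """Second-level label, normalised. Simplification: ignores public suffixes such as co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return label.translate(HOMOGLYPHS).replace("-", "")


def indicators_of_warning(assets: List[Asset], observed_domains: List[str],
                          threshold: float = 0.8) -> List[Finding]:
    """Newly observed domains whose label contains or closely resembles one of our brand labels."""
    owned = {a.domain.lower() for a in assets}
    brands = sorted({brand_label(a.domain) for a in assets})  # sorted for deterministic output
    hits: List[Finding] = []
    for obs in observed_domains:
        if obs.lower() in owned:
            continue  # our own asset, not an impersonation
        label = brand_label(obs)
        for brand in brands:
            similar = SequenceMatcher(None, brand, label).ratio() >= threshold
            if brand in label or similar:
                hits.append((obs, f"lookalike of brand label '{brand}'"))
                break
    return hits


if __name__ == "__main__":
    # Constructed feed of newly seen domains, e.g. from a certificate-transparency or registrar stream
    observed = ["examp1e-bank.com", "exampel-bank.com", "example-bank-login.net",
                "weather-news.org", "portal.example-bank.com"]
    for domain, issue in indicators_of_exposure(INVENTORY):
        print(f"IOE  {domain}: {issue}")
    for domain, issue in indicators_of_warning(INVENTORY, observed):
        print(f"IOW  {domain}: {issue}")
```

On the constructed data the exposure pass reports the soon-expiring portal certificate, the expired certificate and expiring registration on example-bank.net, and the missing DMARC record on the newsletter domain, while the warning pass flags the three lookalikes and ignores both the unrelated domain and the organisation’s own portal. The similarity check is deliberately simple; a production DRP stack would use a proper confusables table, public-suffix handling and registrar and content signals before raising a takedown request.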