‘We are under Cyber-attack!!!’
Many organizations and institutions understand how to deal with traditional cyber-threats and usually want to respond to today's advanced threats in the same way. This approach no longer works. But not everything is lost: we have to adopt a risk-based approach to security.
Cyber Best Practices
Entities have to cover not just good things but the right things, which is why institutions must address not only technical requirements but business drivers too. One cannot disagree that security has always been, and always will be, about understanding, managing and mitigating risk to an organization. We have to prevent, but more important is to detect, correlate, and continuously monitor against 'normal activity'.
Technology has driven financial growth, environmental awareness, and access to socio-political movements. However, risks come with every new opportunity. To deal effectively with each of these risks, we must take a holistic approach, given how highly interconnected the risks are and how they change in real time. Cyber security involves understanding the threat origins, the means of internal access, and the traffic within.
How to achieve it?
Five pillars can play an important role in helping organizations support the best practices described above. The idea is to cover the whole process, again based on risk:
- Cyber Governance Management: Automated regulatory intake helps map requirements to security controls. It identifies the current level and business impact of cyber risks in the organization.
- Cyber Investigation Management: Overcome disparate information systems across the security enterprise through collaborative processes. A whole-of-government approach to security is widely recognized as the critical success factor for effective governance. Implementation is costly because of disparate systems and processes among key government agencies.
- Event Stream Processor: Big Data is often described in terms of Volume, Velocity and Variety, yet the Velocity dimension is often overlooked. While the focus tends to be on volume (massive amounts of data), velocity is the critical component, particularly when handling cyber activity. How long does it take to extract insight from all that data? The Event Stream Processor is the component that provides insight into emerging threats, where the sooner the response, the greater the value. It analyzes and acts on events as they happen, relying on real-time event-driven analytics. With a Complex Event Processing (CEP) platform, you can develop and deploy business-critical applications that give you the agility you need to make quick, profitable decisions. This includes machine learning and "fuzzy" algorithms for adaptation to evolving threats and IP patterns.
- Enterprise Threat Detection: Enterprise Threat Detection can help you identify the real attack vectors as they occur and analyze the threats quickly enough to neutralize them before serious damage is done to the IT landscape and infrastructure. The solution detects internal and external attacks based on application event information in combination with context data. Developing a detailed intelligence picture is vital to the success of any cyber-resilience operation. But to target serious and organized cyber-crime, analysts and investigators need to focus on hidden associations and connections between disparate, disorganized data sets. This requires having the right analytical and reporting tools.
- Cyber Intelligence Analysis and Reporting: Social network analysis and text analytics are invaluable tools for understanding how known threats or at-risk employees interact with others in their cyber community. This intelligence includes dimensions such as frequency, direction, or fit to a risk profile. With the collaboration of partner cyber security agencies or stakeholders, these dimensions can easily be complemented with geo-spatial, telecoms and financial data to give a 360-degree view of the individual within the cyber community dynamic. Combining the analytical and reporting tools described above into an effective intelligence platform is what makes this picture possible.
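As an added illustration (not code from this post), the Event Stream Processor and Enterprise Threat Detection pillars above can be sketched as a small sliding-window processor: it learns each account's 'normal' failed-login rate during a warm-up phase, flags bursts that exceed that baseline, and weights every alert with context data (asset criticality, account risk). The event schema, the context tables and the sample stream are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed context data, standing in for what the Governance pillar would
# supply: asset criticality per host and a risk weight per account (hypothetical).
ASSET_CRITICALITY = {"web-01": 1, "payroll-db": 3}
ACCOUNT_RISK = {"alice": 1, "bob": 2}  # e.g. bob holds elevated privileges

class StreamProcessor:
    """Sliding-window event processor: learns each user's 'normal' failed-login
    rate during a warm-up phase, then flags bursts and weights them by context."""

    def __init__(self, window=300, warmup=3, multiplier=3):
        self.window = window          # seconds of history kept per user
        self.warmup = warmup          # failures observed before alerting starts
        self.multiplier = multiplier  # burst = this many times the learned peak
        self.recent = defaultdict(deque)  # user -> failure timestamps in window
        self.peak = defaultdict(int)      # user -> highest in-window count seen
        self.seen = defaultdict(int)      # user -> failures consumed in warm-up

    def consume(self, ev):
        """Feed one event; return an alert dict, or None if activity is normal."""
        if ev["action"] != "login_fail":
            return None
        user, q = ev["user"], self.recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > self.window:  # expire failures outside window
            q.popleft()
        count = len(q)
        if self.seen[user] < self.warmup:           # still learning the baseline
            self.seen[user] += 1
            self.peak[user] = max(self.peak[user], count)
            return None
        if count < self.multiplier * max(self.peak[user], 1):
            return None                             # within 'normal activity'
        score = count * ASSET_CRITICALITY.get(ev["host"], 1) * ACCOUNT_RISK.get(user, 1)
        return {"user": user, "host": ev["host"], "failures": count, "risk": score}

def run(events):
    """Process an ordered stream and collect the alerts it raises."""
    proc = StreamProcessor()
    return [a for a in (proc.consume(e) for e in events) if a]

# Constructed sample stream: bob's occasional typo, then a burst against payroll-db.
SAMPLE = [
    {"ts": 0, "user": "bob", "host": "web-01", "action": "login_fail"},
    {"ts": 400, "user": "bob", "host": "web-01", "action": "login_fail"},
    {"ts": 900, "user": "bob", "host": "web-01", "action": "login_fail"},
] + [{"ts": 2000 + i * 10, "user": "bob", "host": "payroll-db", "action": "login_fail"}
     for i in range(4)]

if __name__ == "__main__":
    for alert in run(SAMPLE):
        print(alert)
```

The same burst against web-01 by a low-risk account would score six times lower, which is the point of combining event velocity with business context rather than counting failures alone.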
Just to summarize: threats have changed, but organizations' approach to cyber security has not. We are immersed in an advanced, well-funded, organized attacker environment. Organizations have to put in place a proactive, predictive, and adaptive risk-based security strategy.
I hope you'll find this brief interesting, and hopefully you can let me know your comments and ideas in this regard.