The high-level differences between organizations that have been able to successfully withstand cyber attacks and others that have not are readily apparent when surveying the 2012 cyber security landscape. Below are the five most important lessons learned from those organizations that have managed to build a resilient security environment.

The 5 ingredients of a resilient cyber security environment:

1. Increase focus on availability-security

While most security environments focus exclusively on confidentiality and integrity-based security models, latency is a high priority for folks that are most successful. To effectively combat today’s threats, all three aspects – confidentiality, integrity and availability – must be a priority in order to ensure comprehensive security.

2. Understand the value & meaning of architecture as it relates to attacks

Leveraging technologies like UDP, CDN and stateful devices is key here. However, knowing the limitations of business-logic decisions is also important. Ironically, in the end, RFC and ISO compliancy may be a known vulnerability. What is clear from the past year of attacks is that the deployment of 80% of known technical and operational controls is no longer adequate.

A process must be in place to be able to technically and operationally lock-down your environment 100% during a cyber-attack. Using encrypted technologies such as SSL and TLS and not relying on a single point-of-entry security technology to do the job are also crucial to this step.


3. Focus on the visibility they can get during an attack / attack detection quality

Simply relying on Netflow detection will expose your security architecture to blind spots. Instead, security professionals should leverage challenge/response technology, which is uniquely situated to distinguish attack traffic. Understanding the value of anomaly detection technologies, as well as the role that web-application-firewall plays in an integrated security platform, is also absolutely essential.

In addition, your security environment needs the capabilities to inspect encrypted and encapsulated technologies such as Multi-Protocol Label Switching (MPLS), General Packet Radio Service (GPRS), Layer 2 Tunneling Protocol (L2TP) and Generic Routing Encapsulation (GRE).

4. Focus on real-time authentication & mitigation decisions

Since attacks happen in real-time, resilient cyber security environments integrate reputational management and dynamic black listing technologies. To successfully combat these types of attacks, security professionals must possess the ability to coordinate their response to an attack with eco-system service providers such as Certificate Authorities (CAs), authoritative DNS providers and cloud providers.

Finally, being able to understand the value of real-time signature generation for anomalistic threats plays a key role in successful attack mitigation.