The 5 ingredients of a resilient cyber security environment:
1. Increase focus on availability-security
While most security environments focus exclusively on confidentiality and integrity-based security models, latency is a high priority for folks that are most successful. To effectively combat today’s threats, all three aspects – confidentiality, integrity and availability – must be a priority in order to ensure comprehensive security.
2. Understand the value & meaning of architecture as it relates to attacks
Leveraging technologies like UDP, CDN and stateful devices is key here. However, knowing the limitations of business-logic decisions is also important. Ironically, in the end, RFC and ISO compliancy may be a known vulnerability. What is clear from the past year of attacks is that the deployment of 80% of known technical and operational controls is no longer adequate.
A process must be in place to be able to technically and operationally lock-down your environment 100% during a cyber-attack. Using encrypted technologies such as SSL and TLS and not relying on a single point-of-entry security technology to do the job are also crucial to this step.
3. Focus on the visibility they can get during an attack / attack detection quality
Simply relying on Netflow detection will expose your security architecture to blind spots. Instead, security professionals should leverage challenge/response technology, which is uniquely situated to distinguish attack traffic. Understanding the value of anomaly detection technologies, as well as the role that web-application-firewall plays in an integrated security platform, is also absolutely essential.
In addition, your security environment needs the capabilities to inspect encrypted and encapsulated technologies such as Multi-Protocol Label Switching (MPLS), General Packet Radio Service (GPRS), Layer 2 Tunneling Protocol (L2TP) and Generic Routing Encapsulation (GRE).
4. Focus on real-time authentication & mitigation decisions
Since attacks happen in real-time, resilient cyber security environments integrate reputational management and dynamic black listing technologies. To successfully combat these types of attacks, security professionals must possess the ability to coordinate their response to an attack with eco-system service providers such as Certificate Authorities (CAs), authoritative DNS providers and cloud providers.
Finally, being able to understand the value of real-time signature generation for anomalistic threats plays a key role in successful attack mitigation.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.