It was only a couple of years ago that the industry started paying attention to the fact that cyber criminals were enlisting data-gathering strategies to launch more intelligent attacks. Savvier bad guys had begun enlisting various steps to carry out whatever main purpose behind their attacks, including identifying and researching targets; discovering their vulnerable spots; homing in on these vulnerabilities to deliver exploits to particular devices, apps or whatever; and then eventually enabling command and control of these devices so that they could carry out their final actions. Those actions could range from theft of money or critical data to crippling competition or siphoning off key secrets to use for other nefarious purposes.
Experts argued that, really, organizations could use similar steps to better their defenses against these onslaughts, thereby becoming less reactive. Now this process – the interruption of the cyberattack kill chain through the use of intelligence-driven security – has been touted as the better way forward in shoring up security controls to gain more of an upper hand against sophisticated attacks. The problem, though, is that not too many organizations have made moves to adopt methodologies to support it.
Some long-time industry players, however, have embraced it with a furor, and hope that by imparting their own experiences surrounding the use of this strategy they might help executive leaders and other IT security pros take the steps necessary to enlist it in their own organizations – despite the commitment, diligence and expertise it may require.
Gene Fredriksen, a seasoned C-level security guru who's served in leadership roles across a bevy of organizations in various markets, who is our cover subject this month, is one of those practitioners who believes taking steps to integrate an intelligence-based security strategy is the solid way forward to defending organizations from today's cyber criminals.
Acknowledging security moves already made – from perimeter to defense-in-depth – Fredriksen says that information security leaders now must educate their executives about the reality of today's threat landscape, which centers around not defending against attacks but soundly reacting to them when they happen. Security structures and strategies must be based on data gathering so that organizations can readily react to more common zero-day and advanced persistent attacks.
This entails mapping “the kill chain phases across the standard layers of defense, and the controls that can interrupt the kill chain. While we want to keep the bad guys out, the real focus has to be keeping the sensitive data in. It's a variation of the prevent/detect/respond graphic we have all seen so often.”
Such a process is a regularly discussed approach these days, but far from widely adopted. We're hoping that more organizations, in trying to stay out of the headlines, will understand that it's not only about stopping known threats but also about intelligence gathering to prevent unknown threats from advancing to the later stages of the kill chain. Shoring up traditional defenses while taking more proactive steps to better identify network anomalies, compromised devices and data exfiltration can bolster one's security posture. And, of course, it can go quite a long way in safeguarding key data assets.
To learn more about how you can better address these complex issues and then explain them to your bosses to gain their support – and maybe more resources and budget to help bring them to fruition – look no further than this month's cover story by Associate Editor Teri Robinson.