Page 165 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 165
Putting a collective defense strategy into practice
Implementing collective defense involves a coordinated approach to cybersecurity where multiple
organizations collaborate to detect, defend against, and respond to cyber threats. The critical
undertakings to successfully implement this strategy include:
• Identify stakeholders: Invite broad participation from public, private, and industrial sectors to
maximize understanding of the threat landscape and active campaigns targeting their enterprises.
• Develop trust: Establish non-disclosure agreements, define roles and responsibilities, and
ensure operational transparency to build trust among participating organizations.
• Create communication channels: Establish secure collaboration mechanisms to share threat
intelligence, response actions, best practices, and incident reports to enable real-time defense
against cyber threats.
• Share threat intelligence and response actions: Encourage member organizations to adopt a
common technical lexicon to characterize and categorize attackers (e.g., the MITRE ATT&CK
framework) and share indicators of compromise (IoCs) and other relevant threat data, including
detection rules, threat hunting playbooks, and incident response playbooks.
• Conduct collaborative analysis: Pool resources to analyze shared data, identify patterns,
predict potential threats, develop and maintain detections, and curate incident response.
If a member organization also owns or operates any portion of the nation’s critical infrastructure, it
must prepare to meet its CIRCIA reporting obligations.
• Update incident response plans: Develop or update incident response plans to address time-
sensitive notification requirements and include detailed evidence preservation and collection
procedures.
• Train incident response teams: Brief incident response teams on the CIRCIA reporting
requirements to allow organizations to comply with these new processes.
By following these steps and fostering a culture of collaboration, organizations can effectively implement
a collective defense strategy, enhancing their ability to defend against and respond to cyber threats.
Applying SASE to a collective defense strategy
Secure Access Service Edge (SASE) plays a crucial role in enhancing collective defense strategies by
addressing modern cyber threats. The SASE architecture combines various network and security
functions such as SD-WAN to optimize connectivity, domain name system (DNS) layer security, firewalls
for segmentation and traffic inspection, secure web gateways (SWG) for internet security, cloud access
service broker (CASB) to govern access to SaaS applications, zero-trust network access (ZTNA) for
application-centric access control, and more with single policy administration and consolidated reporting.
It is designed with flexibility to support remote and distributed workforces, allowing employees to access
company resources from anywhere, on any device, without needing a physical connection to the
corporate network. Flexibility is particularly beneficial today, where remote work has become the norm
for many organizations. SASE allows businesses to customize their networking and security solutions to
165
