P. 29
Business as usual is no longer good business where cybersecurity is concerned. Continuous
monitoring and other defense efforts are a good first step, but they need to be taken further. We
know the gap between detection and response grows wider every day, and we know the speed,
versatility, and frequency of attacks have reduced the effectiveness of traditional threat
responses. Today's cyber defenders require the ability to correlate, act, defend, and mitigate in
near-real time, enabled by workflow and remediation automation, to prevent the proliferation of
cyber attacks.
We need speed. We need smarts. We need the power and control to change networks on the
fly. We need to respond in minutes or seconds to stop intruders in their tracks. We need to close
attack windows within seconds to reduce the risk to critical infrastructure. We need to stop
following rules that our attackers openly flout. And finally, we need to shift networks dynamically
to spoof attackers and allow our defensive tactics to appear as random to malicious actors as
their attacks so frequently appear to us.
Automated threat response enables the implementation of pre-determined defensive strategies
at machine speed for the isolation, regeneration, or redirection of malware and other malicious
threats. Pre-planned risk-mitigation strategies that can be implemented in near real time, across
servers that contain invalid information or files that carry payloads or beacons in expected
exfiltration files, while an attack is occurring enable organizations to curb attacks without human
intervention, thereby reducing the exposure window.
Automated threat response accomplishes these types of tasks by seamlessly integrating
heterogeneous security solutions (firewalls, intrusion detection systems, Web applications,
mobile device management, and the like), using security orchestration as the mortar that binds
the solutions together in a cohesive, holistic defense architecture. Security orchestration acts as a
multiplier for risk mitigation by implementing actions across the network without having to
coordinate those actions manually.
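To make the orchestration idea concrete, here is an added example (not code from the article or from any vendor it mentions) of a minimal playbook runner: detection events are mapped to pre-planned action sequences that are executed across several tool adapters. The firewall, EDR/MDM and ticketing adapters are in-memory stand-ins, and the event kinds, host names and IP addresses are constructed for illustration. It also shows two caveats a practitioner would build in before letting responses run without human intervention: actions are idempotent (an IP already blocked is not blocked again), and isolation of a critical asset is queued for human approval instead of being applied automatically.

```python
"""Toy security-orchestration playbook runner (constructed example).

The tool adapters below simulate a firewall, an EDR/MDM agent and a ticketing
system; they are not real vendor APIs. Events, playbooks and asset names are
made up for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Event:
    kind: str        # detection type, e.g. "beacon" or "payload_in_export"
    host: str        # internal asset that raised the alert
    remote_ip: str   # external address involved ("" if none)
    severity: int    # 1 (low) .. 5 (critical)


class Firewall:          # simulated perimeter firewall
    def __init__(self):
        self.blocked: Set[str] = set()

    def block_ip(self, ip: str) -> str:
        self.blocked.add(ip)
        return f"firewall: blocked {ip}"


class Endpoint:          # simulated EDR/MDM agent
    def __init__(self):
        self.isolated: Set[str] = set()

    def isolate(self, host: str) -> str:
        self.isolated.add(host)
        return f"edr: isolated {host}"


class Ticketing:         # simulated ticketing system
    def __init__(self):
        self.tickets: List[str] = []

    def open(self, summary: str) -> str:
        self.tickets.append(summary)
        return f"ticket: {summary}"


# Assets too critical to isolate automatically (constructed list). A playbook
# step that would isolate one of these is queued for a human decision instead.
PROTECTED_ASSETS = {"db-prod-01"}


class Orchestrator:
    """Maps detection events to pre-planned action sequences across the tools."""

    # Pre-planned strategies: event kind -> ordered action names.
    PLAYBOOKS: Dict[str, List[str]] = {
        "beacon": ["block_remote", "isolate_host", "open_ticket"],
        "payload_in_export": ["isolate_host", "open_ticket"],
    }

    def __init__(self):
        self.fw, self.edr, self.tix = Firewall(), Endpoint(), Ticketing()
        self.audit: List[str] = []             # every action taken or skipped
        self.pending_approval: List[str] = []  # hosts awaiting human sign-off

    def _run(self, action: str, ev: Event) -> str:
        if action == "block_remote":
            if ev.remote_ip in self.fw.blocked:  # idempotent: no duplicate rules
                return f"firewall: {ev.remote_ip} already blocked, skipped"
            return self.fw.block_ip(ev.remote_ip)
        if action == "isolate_host":
            if ev.host in PROTECTED_ASSETS:
                self.pending_approval.append(ev.host)
                return f"edr: isolation of {ev.host} queued for approval"
            return self.edr.isolate(ev.host)
        if action == "open_ticket":
            return self.tix.open(f"{ev.kind} on {ev.host} (sev {ev.severity})")
        raise ValueError(f"unknown action {action}")

    def handle(self, ev: Event) -> List[str]:
        """Run the playbook for ev; unknown event kinds fall back to a ticket."""
        steps = self.PLAYBOOKS.get(ev.kind)
        if steps is None:
            results = [self.tix.open(f"unhandled {ev.kind} on {ev.host}")]
        else:
            results = [self._run(step, ev) for step in steps]
        self.audit.extend(results)
        return results


def run_sample() -> Orchestrator:
    """Feed three constructed events through the orchestrator and return it."""
    orch = Orchestrator()
    orch.handle(Event("beacon", "ws-042", "203.0.113.7", 4))      # workstation
    orch.handle(Event("beacon", "db-prod-01", "203.0.113.7", 5))  # protected server
    orch.handle(Event("port_scan", "ws-017", "198.51.100.9", 2))  # no playbook
    return orch


if __name__ == "__main__":
    for line in run_sample().audit:
        print(line)
```

Running the sample shows the orchestration pattern end to end: the first beacon blocks the remote address, isolates the workstation and opens a ticket; the second beacon from the protected database server reuses the existing block and queues the isolation for approval; the event with no playbook only raises a ticket. Every action, including skips, lands in the audit list, which is what an analyst reviews afterwards.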
Security orchestration means security administrators and analysts don't have to distribute threat
information to other administrators and analysts in order to act. And that means security teams
no longer have to be held hostage by outmoded processes, hampered by red tape, bound by
strict adherence to rules, or hindered by varying levels of competence, all of which stall effective
and efficient response orchestration.
CISOs agree. IDG research shows that 61% of the security decision makers surveyed are looking
into ways to reduce the time it takes to respond to a security event. A quarter of those surveyed
said they are in favor of automating some security processes and of using automation tools where
possible.
In cybersecurity, the offense generally has the advantage. But defense need not be passive;
superior maneuverability offers a powerful alternative to traditional defensive strategies. Instead
of responding to every attack equally, we can orchestrate the workflows that coordinate tools to
work together to support comprehensive—but unpredictable—defensive plays that can be
generated at the speed of attack. We can integrate automated tasks to replicate decisions
faster, which in turn changes attack targets and confuses attackers' perceptions. Coordinated
responses coupled with active defense can provide the necessary flexibility and adaptability to
keep security assets online and secure.
Cyber Warnings Magazine – September Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide