The volume, velocity, and aggressiveness of cyberattackers continue to increase. It’s not a matter of “if” an organization will be attacked -- it’s a matter of “when.” And because of this reality, it’s imperative that organizations become more active in defending against attackers.
So how do you increase your ability to detect, verify, and respond to threats efficiently and effectively with limited resources?
Fortunately, in GovLoop’s recent online training, Improving Resilience with Active Cyber Defense, topic experts discussed what it means to be cyber resilient and what defense elements will protect you.
“Cyber resilience is the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions, said Russell Glenn, Director of the Cybersecurity Division, KEYW. “It includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”
To help organizations become more cyber resilient, here are three areas they must address:
Detection. Visibility is the first step in defending against attackers in the cyber realm. You can’t catch the bad guy if you can’t see them. To detect the bad guys, organizations need to use malware analysis, network analysis and visibility, endpoint visibility and control, and security analytics.
The challenge with visibility is that it’s eye opening but it’s also overwhelming. “There are roughly 17,000 malware alerts being chased down each week. With 19 percent of those considered reliable and 4 percent that are actually investigated,” said Todd Weller, VP of Corporate Development, at Hexis Cyber Solutions. These statistics lead to the importance of verification.
Verification. Both tactical and strategic, verification is critical to catching the bad guys. Verification can help organizations solve false-positive issues related to network security alerts and improve detection and prioritize investigations and responses to threats.
In many respects, verification is the critical link between your detection and response capabilities. Verification allows you to detect the high-risk reports and then effectively respond to them.
Automated response. It is the collection of countermeasures that can be flexibly deployed, based on policy. To successfully take action against a threat, you need to have the ability to operate countermeasures in any combination of automated or machine-guided modes.
Different situations require different responses, and different organizations have different policies. Having the ability to leverage your response to an attack, based on your organization’s policy, will make you more successful in combating that threat.
Cyber defense requires an integrated approach. You can’t just detect, and you can’t just verify or just respond to an attack. Integrating all three elements is how you will maintain resilience against cyberattacks. For more information on cyber defense, view the on-demand training here.