What are the three complementary principles and overarching strategies that can help CISOs overcome today’s cybersecurity challenges?
The cybersecurity landscape is rapidly changing, with increasing numbers of both known and unknown attacks arising daily. However, threats like malware, ransomware, phishing, DDoS, and others are only the more conspicuous of the issues that CISOs must contend with.
In particular, ransomware has become far more prevalent and aggressive recently, and it seems no industry is immune. Notable attacks have occurred on energy, healthcare, food and beverage, education, and other industries, and it’s a no-win situation—whether the victim decides to pay the ransom or not, crucial business operations are disrupted, and the company’s public image is affected.
Similarly, data breaches have increased exponentially, and with the rise of remote working, the potential surface area of attack has grown as well. The “branch of one” that each individual worker represents can easily become a point of attack if a strong security infrastructure is not in place. Like ransomware, data breaches are industry agnostic and can be incredibly damaging to brand reputation as well as business operations.
The explosion in remote working brought about by the pandemic; ever-increasing reliance on cloud and containers, VMs and other distributed resources; and an expanding range of compliance standards and regulatory policies are just a few examples of other complex challenges that CISOs must contend with. Further, the diverse range of cybersecurity solutions available to address these issues can easily lead to decision paralysis.
CISOs have become beleaguered by the many challenges they face on a day-to-day basis. However, by breaking the problems of cybersecurity down into three overarching strategies, CISOs and other cybersecurity professionals can gain control and peace of mind.
Put simply, these three complementary principles are see, understand, and act.
“See” refers to granular visibility across all assets including users, applications, devices, and networks, as well as both north-south and east-west traffic, and even intra-network traffic such as that between VMs or containers.
There are a number of security concepts that aim to plug the holes in visibility, such as the Secure Access Service Edge (SASE), which combines SD-WAN with security functions to provide deep visibility across distributed services and assets. Micro-segmentation can help mitigate east-west vulnerabilities in traffic between containers and VMs. And the relatively new XDR solutions can take advantage of existing security products — like NGFWs, WAFs and other solutions — to gain deeper visibility into traffic throughout the network.
“Understand” is a critical component of the strategy that refers to the ability to analyze and accurately portray potential threats and attacks. Multidimensional threats have become adept at masquerading as legitimate traffic, making them much more difficult to detect correctly. At the same time, the proliferation of point security products within a network can lead to the security team being inundated with alerts and alarms — many of them false positives — that then require manual analysis before any defensive action can be taken.
A number of older technologies have been used for some time to address this need, but many regard them as expensive and resource intensive, and it can be difficult to resolve data discrepancies. As a result, a newer solution — XDR, or extended detection and response — has recently come to the fore in threat correlation analysis.
An XDR solution applies AI- and ML-enhanced engines and algorithms to the aggregated metadata to identify potential threats, vulnerabilities, and anomalies quickly and accurately. In addition, many XDR solutions incorporate intelligence from third-party partners to further improve understanding of the metadata, refine results, and eliminate the ambiguity often presented by the older technologies.
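To make the “understand” step concrete, here is an added example (not Hillstone’s code or any XDR product’s logic) of the kind of cross-source correlation the passage describes: alerts from several point products are normalized into common metadata, grouped per source host within a time window, and scored so that multi-source evidence is escalated while isolated low-confidence alerts go to review rather than to an operator’s queue as noise. The product names, alert fields, confidence values and sample alerts are all constructed for illustration.

```python
"""Added example: correlating alerts from several point products into
incidents. Not vendor code; all formats and sample data are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts, as they might look after normalizing NGFW, WAF and
# endpoint (EDR) logs into shared metadata: timestamp, source host, product,
# signal name and the product's own confidence in the alert.
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T10:00:05", "src": "10.0.5.23", "product": "ngfw", "signal": "port-scan", "confidence": 0.4},
    {"ts": "2024-05-01T10:01:10", "src": "10.0.5.23", "product": "waf", "signal": "sqli-attempt", "confidence": 0.6},
    {"ts": "2024-05-01T10:02:30", "src": "10.0.5.23", "product": "edr", "signal": "suspicious-process", "confidence": 0.7},
    {"ts": "2024-05-01T11:30:00", "src": "10.0.7.9", "product": "ngfw", "signal": "port-scan", "confidence": 0.4},
    {"ts": "2024-05-01T12:00:00", "src": "10.0.9.1", "product": "waf", "signal": "xss-attempt", "confidence": 0.5},
    {"ts": "2024-05-01T12:40:00", "src": "10.0.9.1", "product": "waf", "signal": "xss-attempt", "confidence": 0.5},
]

WINDOW = timedelta(minutes=15)  # assumed correlation window; tune per environment


def _parse(ts):
    return datetime.fromisoformat(ts)


def _summarise(src, items):
    """Collapse one run of related alerts into an incident record.
    The score treats the per-product confidences as independent evidence:
    P(at least one alert is real) = 1 - prod(1 - confidence)."""
    p_all_noise = 1.0
    for a in items:
        p_all_noise *= (1 - a["confidence"])
    return {
        "src": src,
        "start": items[0]["ts"],
        "end": items[-1]["ts"],
        "products": sorted({a["product"] for a in items}),
        "signals": sorted({a["signal"] for a in items}),
        "alerts": len(items),
        "score": round(1 - p_all_noise, 2),
    }


def correlate(alerts, window=WINDOW):
    """Group alerts by source host; consecutive alerts closer than `window`
    belong to the same incident, a larger gap starts a new one."""
    by_src = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_src[a["src"]].append(a)
    incidents = []
    for src, items in by_src.items():
        current = [items[0]]
        for a in items[1:]:
            if _parse(a["ts"]) - _parse(current[-1]["ts"]) <= window:
                current.append(a)
            else:
                incidents.append(_summarise(src, current))
                current = [a]
        incidents.append(_summarise(src, current))
    return incidents


def triage(incidents, escalate_at=0.8, min_products=2):
    """Escalate only incidents with a high combined score AND corroboration
    from at least `min_products` independent products; everything else is
    queued for review instead of interrupting an analyst."""
    escalate, review = [], []
    for inc in incidents:
        if inc["score"] >= escalate_at and len(inc["products"]) >= min_products:
            escalate.append(inc)
        else:
            review.append(inc)
    return escalate, review


if __name__ == "__main__":
    esc, rev = triage(correlate(SAMPLE_ALERTS))
    for inc in esc:
        print("ESCALATE", inc)
    for inc in rev:
        print("review  ", inc)
```

Run as a script, the host seen by all three products within a few minutes is escalated with a combined score of 0.93, while the single port scan and the two widely separated WAF alerts stay in the review queue. The corroboration requirement (`min_products`) is the part that actually reduces false positives: a single product repeating the same signal cannot escalate on its own.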
The final step of the strategy is “Act,” or putting the work of granular visibility and deep analysis and correlation into action. Given the volume of traffic in a typical network, the proliferation of malware and other threats, and the diversity of deployed security solutions, manual intervention against threats is simply not enough.
Here again, an XDR solution can assist the strategy by automatically orchestrating security enforcement points to rapidly respond to emerging threats. Predefined security playbooks offer optimized workflows, and additional playbooks can be generated automatically or manually to further refine security responses. Once triggered by a security incident, these automated tasks are then deployed across NGFWs and other security devices via APIs or SSH connections to enable swift attack containment before damage can be done.
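As an added illustration of the orchestration flow just described (not Hillstone’s implementation and not any product’s API), the example below turns a correlated incident into a playbook, expands the playbook into concrete enforcement actions for the devices actually present in inventory, and renders each action as the REST request or SSH command its device adapter would deliver. It runs in dry-run mode by default so the planned actions can be reviewed. The device roles, playbook definitions, URL paths, command syntax and the incident data are hypothetical.

```python
"""Added example: a minimal playbook runner for automated containment.
Not vendor code; device names, playbooks, API paths and commands are
hypothetical placeholders."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Action:
    device: str      # concrete enforcement point, e.g. "ngfw-edge"
    verb: str        # what to enforce on it
    params: dict     # who/what the action applies to
    expires_at: str  # containment is time-bound so it is revisited, not forgotten


# Hypothetical playbooks: each step names a device role and a verb. A step is
# expanded to every device of that role found in the inventory.
PLAYBOOKS = {
    "web-attack": [("ngfw", "block_source"), ("waf", "add_block_rule")],
    "host-compromise": [("ngfw", "block_source"), ("edr", "isolate_host")],
    "default": [("ngfw", "rate_limit_source")],
}


def select_playbook(incident):
    """Pick a playbook from the incident's correlated signals (constructed rules)."""
    signals = set(incident["signals"])
    if "suspicious-process" in signals:
        return "host-compromise"
    if signals & {"sqli-attempt", "xss-attempt"}:
        return "web-attack"
    return "default"


def plan(incident, inventory, ttl=timedelta(hours=4), now=None):
    """Expand the selected playbook into Actions. Roles with no device in
    `inventory` are reported as gaps rather than silently skipped."""
    now = now or datetime.now()
    expires = (now + ttl).isoformat(timespec="seconds")
    name = select_playbook(incident)
    actions, gaps = [], []
    for role, verb in PLAYBOOKS[name]:
        devices = inventory.get(role, [])
        if not devices:
            gaps.append(role)
            continue
        for dev in devices:
            actions.append(Action(dev, verb, {"src": incident["src"], "incident": incident["id"]}, expires))
    return name, actions, gaps


class RestAdapter:
    """Hypothetical HTTP adapter: builds the request a device API would receive.
    A real deployment would send it with an authenticated HTTP client."""
    def __init__(self, base_url):
        self.base_url = base_url

    def deliver(self, action):
        return {"method": "POST", "url": f"{self.base_url}/policy/{action.verb}",
                "json": {**action.params, "expires_at": action.expires_at}}


class SshAdapter:
    """Hypothetical CLI adapter: renders the command an SSH session would run."""
    def deliver(self, action):
        cmd = f"{action.verb.replace('_', '-')} {action.params['src']} until {action.expires_at}"
        return {"ssh": action.device, "cmd": cmd}


def dispatch(actions, adapters, dry_run=True):
    """Hand each action to its device's adapter. In dry-run mode the rendered
    request/command is returned for review instead of being sent."""
    results = []
    for a in actions:
        adapter = adapters.get(a.device)
        if adapter is None:
            results.append({"device": a.device, "error": "no adapter configured"})
            continue
        results.append({"device": a.device, "payload": adapter.deliver(a), "sent": not dry_run})
    return results


def run_example():
    """Constructed incident and inventory; returns the plan and dry-run results."""
    incident = {"id": "INC-0001", "src": "10.0.5.23",
                "signals": ["port-scan", "sqli-attempt", "suspicious-process"]}
    inventory = {"ngfw": ["ngfw-edge", "ngfw-dc"], "edr": ["edr-console"]}  # no WAF deployed
    adapters = {"ngfw-edge": RestAdapter("https://ngfw-edge.example/api"),
                "ngfw-dc": SshAdapter(),
                "edr-console": RestAdapter("https://edr.example/api")}
    name, actions, gaps = plan(incident, inventory, now=datetime(2024, 5, 1, 10, 5))
    return name, actions, gaps, dispatch(actions, adapters)


if __name__ == "__main__":
    name, actions, gaps, results = run_example()
    print("playbook:", name, "gaps:", gaps)
    for r in results:
        print(r)
```

Two design points matter for a defender: every containment action carries an expiry, so an automated block is revisited rather than accumulating forever, and the planner reports playbook steps that have no matching device (for example a web-attack playbook in an estate with no WAF) instead of pretending the step was enforced.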
By adopting a high-level strategy of see, understand and act, CISOs and other security professionals can gain the visibility, rapid identification, and comprehensive response needed to protect edge, cloud, asset, and application resources.
Hillstone Networks has been recognized in the Gartner Magic Quadrant for network firewalls for 8 consecutive years, most recently moving into the ‘visionaries’ quadrant. The company’s proven infrastructure protection solutions provide enterprises and service providers with the visibility and intelligence to comprehensively see, thoroughly understand, and rapidly act against multilayer, multistage cyberthreats. Favorably rated by leading analysts and trusted by global companies, Hillstone protects from the edge to cloud with improved total-cost-of-ownership.