Between Defense and Recovery: The Growing Trend Toward Mitigation
Author(s): Tom Patterson, Posted on July 14th, 2015
Headlines have been blaring weekly with the latest security attack, causing security professionals to quickly build higher (fire)walls, lock down every line of code, and teach their employees (a.k.a. their attack surface) how avoid being susceptible to increasingly good phishing emails and websites. At the other end of the security lifecycle, company boards of directors are now becoming more interested in the importance of understanding business value for putting in place a well practiced incident response plan. Yet both of these good efforts — trying to keep bad guys out, and preparing a better response after you’ve been hacked—are missing the most effective countermeasure group available today: mitigation.
Cyber mitigation strategies assume that somehow, someway, despite all your millions of dollars and sleepless nights, a bad actor will find a way to get in. Whether it’s overpowering your firewalls, tricking or enticing your employees, finding that one unpatched server you were going to get to next week, or just using a zero-day attack that was bought on the TOR—a mitigation strategy assumes they will get in.
After spending huge chunks of my adult life both protecting groups from being attacked, and helping them recover after they are, I’ve come to realize that mitigation is a better solution. However, that better solution requires a fresh approach in defending ourselves. We no longer start out with the classic assumption that success is dependent upon keeping every bad actor out. In fact, we start with the opposite assumption, that with an enterprise of even the most basic complexity, malware will find it’s way in. The old line of ‘bad guys only have to be right once’ is and always has been true. So accept it. Assume they are in. Now what?
This is where the mitigation strategy comes in – after an insider has turned on you, a single flaw exploited, or a truly advanced attack aimed at you (while a common claim from victims, almost never the case, btw) – you start with the assumption that they are inside your defenses, and yet you still have a strategy in place to stop them from doing real harm!
While this concept is not new, and story familiar, up until recently it has been difficult to deploy a feasible solution. Real world costs, complexity, lack of expert operators, product incompatibility, old and outdated defenses and changing infrastructure are few of the many barriers. Sure, you could put a firewall between each and every segment, in front of and behind each and every asset, and build rules upon rules upon rules to try to manage it. But enterprises don’t do that, because it’s just not practical nor cost efficient.
Enter the era of micro segmentation (uSeg), where all of this and more is now possible and practical. The leading uSeg product is our Unisys Stealth™. These advanced products provide all the functional value of an old firewall, but with several key distinctions:
- Stealth is software-based and can encrypt and separate end-points/assets, with no application changes
- Stealth operates on any mix of IP network (public, private, wired, wireless, owned, or supply chained)
- Stealth is managed by identity (directly from your AD or LDAP in many cases), not costly and inflexible network rules and infrastructure.
- Stealth actually uses encryption to hide your assets from malware, making them undetectable from malware that is looking for assets to steal or exploit.
- Stealth works as well in your data center as your hosted facilities and public clouds, providing a single easy to managed defense that works everywhere, is affordable, and easy to operate and maintain
In this day and age, successful defenses cannot be based on billions of ‘events’ seen or hundreds of thousands of lines of ACL code, but must be business practical. They simply must work better.
Today’s fight is fought in the real world, requiring our defenses to be affordable, operational, actionable and successful. Boards are getting tired of ever increasing security budgets with fewer and fewer successful results. Now is the time to rethink old security practices predicated upon keeping everyone out, and then recovering quickly after that fails. Leading executives from board members to CEOs to CIOs to CISOs are starting to look at mitigating their losses before they get out of control. They already manage their risk this way in every other part of the organization, and now it’s time for security to join the party.
Today’s uSegmentation software, led by Unisys Stealth™ now allows them to do just that.