In the Cybersecurity Battle, the Side with Information Superiority Wins.
Whether we’re engaging foes in warfare or protecting our computer networks, having information superiority is essential to success. Defined in the US Army Vision 2010 doctrine as “the capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same,” information superiority is identified as “the key enabler in 21st century operations”.
The battle for your network revolves increasingly around information superiority. When your network is breached, the attackers are leveraging information superiority – they know something you don’t about your environment and they’re using that to gain access to your network and digital assets.
Unfortunately, the typical organization doesn’t know enough about its environment to effectively defend it. Why? Because most IT security professionals lack the visibility and control they need to keep up with the rapid pace of change – both within the IT environment and the broader threat landscape. Old techniques of sporadic asset determination coupled with static defenses no longer work in this highly dynamic world. Adding to the challenge are cloud-hosted and virtualized IT services, mobile users and consumer devices in the workplace – all standard in organizations striving for lean and effective operations in an increasingly competitive world.
So how can you maintain information superiority in today’s reality? As a network defender you need to have a clear baseline of your environment in order to protect it. In short, you need to be able to see everything in your network. Once you “see it,” then you can “control it.” Real-time discovery and intelligent security automation must become the centerpieces for an effective security practice where defenses are properly adjusted in meaningful time frames. In addition, newer and more responsive controls that address sophisticated threats are required to reduce risks when an outbreak does occur.
Below are just a few questions IT security teams should ask vendors when evaluating their abilities to provide the requisite information superiority for an adequate defense.
1. What elements of the IT environment can your solution detect and how often is that information updated? It isn’t enough to provide visibility into applications, files or threats on a monthly, weekly or even daily basis. IT security teams need continuous and total visibility into all devices, applications and users on a network as well as an up-to-the-minute network map, including profiles on client applications, operating systems, portable devices (phones, tablets) and network infrastructures (switches, routers, etc.). Real-time visibility into attacks, vulnerabilities, changes in behavior and the environment is also essential. Information superiority is attained by using this awareness, mapping threats against asset vulnerabilities, and then tying this intelligence back to defenses in an automated fashion.
2. What kinds of controls are available to minimize the impact of a potential attack? Since advanced threats are short-lived, targeted, and often exploit unknown vulnerabilities, minimizing the available attack surface through intelligent and granular controls is a necessary protection measure. For example, access control over applications and users enables IT security professionals to easily deploy integrated control and threat prevention policies. In addition, solutions that can tap into “big data” (i.e., the vast amounts of security data gathered from users as well as network and computer security technologies) and leverage analytics to deliver protections quickly, give security professionals further control to speed threat mitigation.
3. What capabilities help address constant change? Security automation is critical to proactive protection. It isn’t enough to automatically find signs of attack and alert a human to take action. Solutions must go a step further and use contextual awareness to intelligently filter out “the noise,” assess threat impact and automatically adjust to provide protection. Whether it’s blocking malicious attacks, enforcing policies, prioritizing and pointing out suspicious events to human analysts, or reporting to the organization – it all needs to happen automatically and in real-time.
In the cybersecurity battle, the side with information superiority wins. The sooner we realize that the status quo is no longer sufficient and that the ability to “see it” and “control it” is critical for 21st century protection, the sooner we can empower network defenders against attackers. Information superiority provides the indispensable foundation for an effective defense-in-depth strategy – enabling us to win the battles, and the war.
By Marc Solomon