Adaptive security will become one of the key phrases you will hear over and over again this year. As with many new concepts, the term itself can be hindered by the varied definitions people attach to it and the context within which it is used. In this instance I want to discuss how organizations can utilize Cyber Threat Intelligence (CTI) to help them move towards an adaptive security posture.
When talking about adaptive security I mean the ability to send and integrate threat intelligence (in near real time) with your deployed security real estate.
Organizations should assume that they are in a state of continuous compromise, and that is why we, the security experts, must reimagine our approach to security in order to develop an adaptive architecture that protects organizations from advanced attacks. One of the fundamental building blocks of deploying an adaptive security model is that an organization needs to receive targeted, actionable threat intelligence in a machine-readable format. There is a clear distinction between generic and targeted intelligence here.
By generic I mean the types of feeds that simply aggregate open source feeds. These will not do. What we need is targeted intelligence: intelligence specific to your organization.
Targeted intelligence will also give an organization contextual awareness. What does this translate into in practical terms? It translates into telling an organization which username and password were compromised, from which IP, when, and by what malware type. This list is not exhaustive, but it is a simple starting point for building up contextual awareness.
The second key building block will be the need to have this information delivered in an automated manner in machine-readable formats. This functionality needs to be an integral feature of the CTI that an organization is receiving. If these two facets are in place this will lead to a seamless integration with the existing deployed security real estate.
Finally, with automation in place, achieved through machine-readable information, we arrive at an automated threat response posture.
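As an added illustration (not Blueliv's code, and not a feed format the post specifies), the following Python takes a constructed machine-readable credential-compromise feed of the kind described above, validates each record, and correlates it with a constructed authentication log to produce the control actions an automated response would issue; the field names, sample accounts and malware labels are assumptions.

```python
import json
import ipaddress
from datetime import datetime

# Constructed sample of a machine-readable targeted CTI feed (JSON lines):
# which account was compromised, from which IP, when, and by what malware.
CTI_FEED = """\
{"username": "alice@example.com", "source_ip": "203.0.113.45", "observed": "2015-03-02T08:14:00Z", "malware": "Zeus"}
{"username": "bob@example.com", "source_ip": "198.51.100.7", "observed": "2015-03-02T09:30:00Z", "malware": "Pony"}
{"username": "carol@example.com", "source_ip": "not-an-ip", "observed": "2015-03-02T10:00:00Z", "malware": "Dridex"}
"""

# Constructed sample of the organization's own authentication log (the deployed estate).
AUTH_LOG = [
    {"user": "alice@example.com", "src": "203.0.113.45", "ts": "2015-03-02T11:02:13Z", "result": "success"},
    {"user": "bob@example.com", "src": "192.0.2.10", "ts": "2015-03-02T11:05:00Z", "result": "success"},
    {"user": "dave@example.com", "src": "203.0.113.45", "ts": "2015-03-02T11:06:41Z", "result": "failure"},
]

REQUIRED = ("username", "source_ip", "observed", "malware")

def parse_feed(text):
    """Parse JSON-lines intel, dropping malformed records so bad input cannot drive the response."""
    records = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            if any(k not in rec for k in REQUIRED):
                continue
            ipaddress.ip_address(rec["source_ip"])  # rejects junk IPs
            datetime.fromisoformat(rec["observed"].replace("Z", "+00:00"))  # rejects junk timestamps
        except (ValueError, TypeError):
            continue
        records.append(rec)
    return records

def plan_response(records, auth_log):
    """Map contextual intel to control actions: reset compromised accounts, block intel IPs
    seen in our own log, terminate sessions that succeeded after the compromise time."""
    compromised = {r["username"]: r for r in records}
    bad_ips = {r["source_ip"]: r["malware"] for r in records}
    actions = {("reset_password", u, r["malware"]) for u, r in compromised.items()}
    for e in auth_log:
        if e["src"] in bad_ips:
            actions.add(("block_ip", e["src"], bad_ips[e["src"]]))
        c = compromised.get(e["user"])
        # ISO-8601 UTC timestamps in a single fixed format compare correctly as strings
        if c and e["result"] == "success" and e["ts"] > c["observed"]:
            actions.add(("terminate_sessions", e["user"], c["malware"]))
    return sorted(actions)
```

The malformed third feed record is discarded rather than acted on, and the action list is deduplicated so a source IP seen several times yields a single block.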
In addition, we should not forget that building collaborative ecosystems and adaptive defense are also important elements of future security controls.
Now what does this give a business in terms of practical benefits? One very immediate impact is that an organization will be able to process and absorb large volumes of threat intelligence quickly and efficiently. Secondly, organizations will be able to redeploy scarce resources towards more strategic planning and away from tactical responses, thereby allowing the business to pursue a strategy of reducing its attack surface so that it is as small as possible.
This is a very high-level walkthrough of what it means to deploy an adaptive security posture. To conclude, an adaptive infrastructure is one that is aware of the various elements and events occurring across a wide variety of security inspection capabilities.
For a more comprehensive overview please get access to a webinar Blueliv made about this topic.
Nahim Fazal, Head International Business Development