Golden Triangle of Cyber Defense

Published on April 13, 2015

 

New CompTIA study Trends in Information Security highlights growing complexity of security environment that challenges even the best prepared businesses. Organizations have to match the pace of technology changes (cloud computing, mobile technologies) to stay competitive, expand the scope of their security programs to reduce attack surface ballooning due to these changes, and to continuously evolve their cyber defenses to meet advanced offensive capabilities of the attackers.

The penetrating power of cyber attacks increased substantially across all three components of the Golden Triangle:

  • People: better skills; larger numbers.
  • Process: better planning and organization of attackers; information sharing.
  • Technology: easier availability of tools; attack automation; increased sophistication and modularity; infrastructure and components sharing and reuse.

Successful cyber defense has to not only match, but to exceed this increase, since the cost of the breach has gone up exponentially too. How does our triangle look like? Not too good:

  • People: security awareness is a must, but it’s a slow and difficult task, and as CompTIA study shows, human error is still the largest factor behind security breaches.
  • Process: information sharing is still a problem, and even the best security policies become obsolete before they’re fully implemented; dynamic risk-based frameworks are gaining popularity, but require significant technology support.
  • Technology: specialized, niche monitoring and detection tools can give attackers a run for their money, but the defense orchestration, situational awareness and visibility of the overall risk leave much to be desired; while the attack might progress at computer speed, response is still limited to human interaction, and automated response is hindered by the uncomfortably high rate of false positives in threat detection.

The game changer is continuous risk monitoring through automated analytics. It can help on all fronts: detect human error and broken process, support dynamic risk-based framework, improve situational awareness, reduce false positives, and minimize incident response time by providing analysts with relevant, actionable, and context-rich information.