Preparing for a cyber attack: 5 best-practice tips
Sourcefire sketches a plan that recognises the truth: no network is impregnable
Even the most security-diligent organisations are realising that breaches are no longer a question of "if" but a question of "when". Yet many organisations still do not factor the inevitability of compromises into their overall defence strategy, instead focusing on controls to keep every conceivable type of threat at bay.
However, the assumption that controls can close every gap attackers might find and reduce the attack surface to zero is fundamentally flawed.
As I discussed in my last article, the attack chain shows how attackers are routinely bypassing updated layers of network and endpoint security products to execute their missions. Now, more than ever, preparing for an attack must include containing the damage and more rapidly restoring systems to trusted states.
The following five tips will help organisations better prepare in the event of an attack:
1. Adopt a threat-centric approach to security
Attackers don't discriminate and will take advantage of any gap in protection to reach their end goal. Rather than relying on disparate "silver bullet" technologies that don't - and can't - work together, you need solutions that address the extended network - protecting endpoints, mobile and virtual environments as well. They must share intelligence in a continuous fashion and they must span the full attack continuum - before, during and after an attack. Look for technologies that go beyond point-in-time detection and blocking to include a continuous capability, always watching and never forgetting, so you can mitigate damage once an attacker gets in.
2. Automate security as much as possible
Manual processes are inadequate against relentless attackers who themselves use automation to accelerate and broaden their campaigns. You need to reduce labour-intensive tasks and streamline security processes. Tools that can intelligently identify, and alert only on, security events that are relevant to your environment can save security teams hours investigating events that aren't real threats. In addition, being able to automatically enforce and tune security policies and rules to keep pace with the changing threat landscape and the evolving IT environment minimises exposure to the latest threats and vulnerabilities.
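One concrete form of "alert only on relevant events" is to score each IDS alert against what is actually known about the targeted host: an exploit for a Windows service cannot succeed against a Linux box, and an attack on a closed port goes nowhere. The following is an added example, not code from Sourcefire or the article; the alert fields (target_os, target_product), the asset inventory and the alerts themselves are all constructed here for illustration.

```python
"""Suppress IDS alerts that cannot apply to the host they target.

Added example; not Sourcefire code. Asset and alert records are constructed
inline, and the field names are assumptions chosen for this illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Impact levels, highest first.
VULNERABLE = 3        # host runs the OS and product the signature targets
POSSIBLE = 2          # port is open but the product does not match or is unknown
NOT_APPLICABLE = 1    # wrong OS or port closed: the exploit cannot work here
UNKNOWN_HOST = 0      # host not in inventory: cannot decide, route for review


@dataclass(frozen=True)
class Asset:
    ip: str
    os: str                                   # OS family seen for the host
    services: Tuple[Tuple[int, str], ...]     # (port, product) pairs observed


@dataclass(frozen=True)
class Alert:
    sig: str
    dst: str
    dst_port: int
    target_os: Optional[str]       # OS the signature's exploit requires, None if any
    target_product: Optional[str]  # product the exploit requires, None if any


# Constructed inventory standing in for a passive host-discovery feed.
INVENTORY: Dict[str, Asset] = {
    "10.0.0.5": Asset("10.0.0.5", "linux", ((22, "openssh"), (80, "nginx"))),
    "10.0.0.9": Asset("10.0.0.9", "windows", ((445, "smb"), (3389, "rdp"))),
}

# Constructed alerts; signature names are generic, not real rule identifiers.
SAMPLE_ALERTS: List[Alert] = [
    Alert("SMB remote code execution attempt", "10.0.0.9", 445, "windows", "smb"),
    Alert("SMB remote code execution attempt", "10.0.0.5", 445, "windows", "smb"),
    Alert("HTTP server buffer overflow attempt", "10.0.0.5", 80, None, "apache"),
    Alert("RDP brute force", "10.0.0.77", 3389, "windows", "rdp"),
]


def impact(alert: Alert, inventory: Dict[str, Asset]) -> int:
    """Score how much an alert matters given what the target host runs."""
    asset = inventory.get(alert.dst)
    if asset is None:
        return UNKNOWN_HOST
    if alert.target_os is not None and alert.target_os != asset.os:
        return NOT_APPLICABLE
    products_on_port = [prod for port, prod in asset.services if port == alert.dst_port]
    if not products_on_port:
        return NOT_APPLICABLE
    if alert.target_product is not None and alert.target_product not in products_on_port:
        return POSSIBLE
    return VULNERABLE


def triage(alerts: List[Alert], inventory: Dict[str, Asset],
           threshold: int = POSSIBLE) -> Tuple[List[Alert], List[Alert], List[Alert]]:
    """Split alerts into (escalate, review, suppress).

    Alerts at or above threshold are escalated; alerts for hosts missing from
    the inventory go to review rather than being silently dropped.
    """
    escalate, review, suppress = [], [], []
    for alert in alerts:
        score = impact(alert, inventory)
        if score == UNKNOWN_HOST:
            review.append(alert)
        elif score >= threshold:
            escalate.append(alert)
        else:
            suppress.append(alert)
    return escalate, review, suppress


if __name__ == "__main__":
    esc, rev, sup = triage(SAMPLE_ALERTS, INVENTORY)
    for label, bucket in (("ESCALATE", esc), ("REVIEW", rev), ("SUPPRESS", sup)):
        for a in bucket:
            print(f"{label:8} impact={impact(a, INVENTORY)} {a.sig} -> {a.dst}:{a.dst_port}")
```

Of the four constructed alerts, only the SMB exploit against the Windows host is escalated as a confirmed match; the same signature against the Linux host is suppressed, the HTTP overflow against nginx is escalated as merely possible because the port is open but the product differs, and the alert for the host missing from inventory is routed for review. The inventory is the weak point of this approach: a stale or incomplete asset feed turns suppression into a blind spot, which is why unknown hosts are never dropped silently.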