Published: Aug 23, 2019

six steps to building a healthy cyber immune system

A cybersecurity strategy is similar to our biological immune systems. Threats grow in complexity even when our defences respond to contain them. A healthy cybersecurity ecosystem is vital to ensuring that your business stays protected from attacks.

"A healthy cybersecurity ecosystem will ensure all components are working together in near real-time to anticipate and prevent cyber attacks, limit the attack spread, mitigate the consequences, and restore systems and networks to a trusted state. "

It’s hard to ignore the similarities between cybersecurity systems and our own biological immune systems. Just like our bodies, threats grow in complexity even as the anatomy’s defences respond to contain them. With each attack, the immune system learns to improve its responses or is overwhelmed and succumbs to the attack. In both cases, keeping the component parts of the immune system’s defences in check is the key to ensuring a robust response and repelling attacks.

A cybersecurity ecosystem comprises a diverse array of parts – computers, software, communications technologies, cyber devices and appliances, compliance and regulatory bodies/frameworks, processes, and people – that interact for multiple purposes.

A healthy cybersecurity ecosystem will ensure all components are working together in near real-time to anticipate and prevent cyber attacks, limit the attack spread, mitigate the consequences, and restore systems and networks to a trusted state. Security capabilities are built into the cybersecurity infrastructure in a way that allows preventive and defensive courses of action to be coordinated within the corporate network with trusted information exchanges and shared, configurable policies.

A healthy cyber ecosystem operates via layered defences and countermeasures that work in tandem, much like antibodies responding to a virus in our body. This ecosystem works from within the body (the corporate network), covering all vital functions (the whole enterprise), learns, adapts and remembers (identify and monitor threats, analyse and remediate, watch and prevent), and responds quickly (intervention).

Setting out a blueprint for a healthy cybersecurity immune system requires a deeper understanding of the organisation’s security posture and how it maps against the business goals. Only then, can the enterprises assess if there are gaps in defences, and have a clearer picture of their security readiness.

Here are six steps to include:

Good hygiene precedes a strong and healthy cybersecurity immune system. This is a quality check on the individual components of the ecosystem to ensure they are fully functioning so the whole defence infrastructure doesn’t break down when attacked.

This calls for regular security audits, investments in improving current defences, processes and protocols, and continuous training to keep security practitioners current at all times. For example, strengthen incident response by deploying a blue team environment that looks at ways to defend, change, and re-group security mechanisms.

Other steps include network segmentation, perimeter protection, privilege and authentication controls, and asset isolation.

Pervasive visibility is to a cybersecurity immune system what blood is to the human circulatory system. Without persistent visibility across both the physical and virtual (including hybrid clouds) networks, detection, prediction, and response will be weak at best.

Establishing visibility into all systems at the network-packet and metadata level via a single pane of glass will allow security defences to contain the threat effectively.

Much like how a virus spreads across organs in the human circulatory system, malware often targets lateral movement between vital computing systems and devices in the corporate network.

Faced with good cyber hygiene, the malware will attempt to evade detection but with adequate threat identification capabilities, behavioural anomalies will be detected. The suspicious activity is triangulated and compared against known bad behaviour to identify the intruder.

This process resembles many modern cybersecurity systems that adopt machine-learning (ML) technologies to learn, remember and adapt to combat viruses and bacteria, and to immunise the enterprise from further attacks. Additional steps include considerations of security processes and technical controls that are capable of identifying series threats that could be programmed to trigger an alarm.

The next step to include is the development of predictive capabilities to identify motives. The motive behind attacks often reveal repeatable behavioural patterns that will allow the security infrastructure to respond appropriately.

Many threats such as malware and command-and-control (C&C) server use the same codebase/framework to penetrate networks even if somewhat disguised or morphed. They share many of the same codebase characteristics and attack cycles, allowing the enterprise defences to predict intent before any damage is done. Artificial Intelligence (AI) technologies are often deployed to uncover such behavioural patterns.

Once the motive is uncovered, the appropriate incident response can be taken to contain the threat and for further analysis. Much of this is done manually today but with security orchestration and automation tools, these actions can be fully autonomous without additional human input.

It’s always useful to seek the expertise of a Managed Security Services Provider (MSSP) to shore up your defences.

Trustwave, a Singtel company, is a leading MSSP with industry-leading threat detection and responses services that provide 24X7 around-the-globe delivery, powered by Trustwave SpiderLabs®, and can be tailored to your security needs. Services include innovative SpiderLabs® security research capabilities, threat intelligence, monitoring of SOC, and an intuitive portal to automate cybersecurity management and response.

Conventional security frameworks focus on keeping threats and attacks out or away from corporate networks. But with the speed and volume of cyber attacks available today, keeping out network intruders is increasingly difficult.

A security framework or model targeted at working within the network, from inside the perimeter would provide comprehensive protection of the enterprise’s entire network infrastructure.

Operating much like the human immune system, this new model will emphasise learning and adapting to threat vectors using technologies within. Accordingly, this cybersecurity immune system will respond quickly to provide complete coverage against an attack, detecting the malicious code, analysing it and mitigating the risk with an appropriate action.

Speak to us to discover how to build a comprehensive security model.

Contact us at: g-security@singtel.com