Introduction

Numerous successful cyber attacks against even the best funded, most competent organizations demonstrate that current security strategies and solutions are not working.

Here at Blackpoint we have a pretty unique approach to cyber security, and we feel it’s important to share with you what that approach is. Here are our 12 cyber security principles that drive our service and product.

12 cyber security principles driving solutions and business

1. Breaches and compromises will occur.
Regardless of the sophistication of preventative and perimeter security, determined malicious cyber actors will continue to find ways to compromise organizations.

Today, exploits, 0-days, poor IT hygiene, incorrect IT configuration, insecure hardware and software, human behavior, and insider threats lead to compromises.

These causes will remain effective for cyber attackers into the foreseeable future.

2. Detection instead of prevention.
Historically, cyber security solutions have focused on prevention – and in a perfect world, this would be the best solution.

However, preventing all possible methods of compromise is arguably impossible.

Therefore, an effective detection solution must be put into place to catch anything that the firewalls, intrusion prevention systems (IPS), and anti-virus (A/V) do not catch.

3. Focus on detecting the common elements of malicious activity, not malware.
Examples of common elements include enumeration, lateral spread, and account compromise.

Do not focus exclusively on malware detection, which is a reactive strategy: malware is constantly evolving and, as highlighted above, is not the only source of compromise.

4. Malicious cyber actors have learned to leverage IT administration tools, tactics, and technologies to carry out their attacks.
This strategy is extremely effective as it’s easy to employ and challenging for many current cyber security solutions to detect.

5. Understanding what happens at the endpoint is a necessity.
Many cyber security solutions rely solely on network traffic analysis; however, the majority of network traffic is now encrypted, so deep packet inspection is ineffective.

In addition, when malicious cyber actors use “living-off-the-land” techniques, the associated network traffic is often identical or very similar to the traffic of valid applications and users.

6. Log analysis is time-consuming, technically demanding, and often expensive.
Worse, unless suspicious events are immediately evaluated in detail, detecting a compromise in real-time becomes almost impossible.

Even when a compromise is successfully detected, the investigation, correlation, and aggregation of related metadata across log types is challenging and often requires highly skilled analysts.

7. Asset visibility is crucial to effective cyber security.
In order to best protect an organization’s infrastructure, the organization must first know what is connected to it.

With the growth in smartphones, IP-enabled devices, and the Internet-of-Things (IoT), organizations need to know what devices are connected to their infrastructure, where they are located, and what they are doing in real-time.

8. Network-based monitoring and detection is the near-term solution to IoT security.
With the proliferation of IP-enabled devices across all industries and consumer segments, the number of IoT devices is exponentially surpassing the number of traditional IT devices.

The large variety of IoT devices, as well as the lack of standards, regulations, and security hardening by current IoT vendors, means that an endpoint-focused approach to IoT security is currently not feasible and may always be a challenge.

Therefore, monitoring and detecting access to IoT devices is the most cost-effective and widely applicable strategy.

9. IT and IoT security must be integrated.
In today’s organizations, IoT/BAS/OT/ICS and traditional IT infrastructure coexist.

Failing to detect threats within any of the networks can result in catastrophe.

For example, in the infamous Target breach the compromise started on the IoT/BAS/OT/ICS side via a breached HVAC system and laterally spread to the IT infrastructure to steal payment information.

10. Response is required.
Cyber security solutions excel at monitoring and detection. However, many have limited or no response capability.

Organizations need to adopt more solutions that can effectively respond to emerging threats.

11. Detection and response must be faster.
Statistics vary on the average duration between the initial compromise of an organization and its detection, but it has been known to take several months at least (Ponemon Cost of a Data Breach report).

If organizations are going to win the cyber fight, this detection and response time must be reduced to hours, minutes, and seconds.

12. Security must be affordable.
If cyber security is cost-prohibitive, especially for small to medium-sized businesses (SMBs), then organizations cannot afford more effective cyber security solutions and cyber crime remains profitable.

Companies of every size need protection from malicious cyber activity, and cost should not be a hindrance.

Here at Blackpoint Cyber we have incorporated these 12 cyber security principles into our product and service, and we guarantee that our solution is a game changer. Learn more today about letting Blackpoint’s experienced MDR team monitor your network 24/7 so you can focus on running your business.
