Tools & Data to Power Adaptive Security

Adaptive security is a cybersecurity model with four phases: prediction, prevention, detection, and response.  The process was developed in response to the decentralization of IT ecosystems to accommodate hybrid working environments and the porting of systems to the cloud.

The perimeter that once defined a network no longer exists.  Organizations are leveraging cloud technology and shifting towards hybrid work environments.  Decentralized IT ecosystems are becoming increasingly difficult to defend.  Effective perimeter security acts as a shield or armor against outside attacks, but as the surface area of networks continues to grow, so too does the attack surface.  This means more ways for attackers to get into your network.  Security professionals must bolster their armor and add an immune system to their network.  Adaptive security provides a framework to develop that immune system.


Breaking adaptive security down into its four major components, Prediction comes first: assessing risks and developing plans to defend against threats.  Organizations need to be up to date with current security trends to effectively plan a defense strategy.  Proactive data collection and analysis is an integral part of the prediction process.  Red Sky Alliance collects and maintains several datasets, including botnet tracking, breach data, dark web data, keylogger data, malicious emails, sinkhole data, and more.  Data is important; however, without analysis, data is not intelligence.  Analysts can use this data to identify security trends and guide decision-makers on how best to implement controls to protect their information.

The Prevention phase of the adaptive security framework is organization specific.  Some prevention techniques that work for one industry might not transfer as well to another.  Risk analysis should give decision-makers the information they need to prioritize security systems.  Some universally accepted principles include the principle of least privilege and zero trust network access.  Limiting a user’s ability to access information to only what they need minimizes the likelihood of an attacker compromising a privileged account.  The zero-trust methodology assumes that a breach is inevitable or has already occurred.  Zero trust requires an aggressive approach to monitoring, management, and defense.  Zero trust also assumes that all resource requests and traffic may be malicious or that systems have already been compromised.  There is always an assumed risk when letting people access your network; in practice, this means verifying that the right user is using the right device and application.  By monitoring how people, devices, and data behave, and intervening when actions look malicious, security practitioners simplify detection and protect their organizations' assets.

The third phase of the adaptive security model is Detection.  Zero trust can play an important role in the detection phase, especially if aggressive monitoring techniques are used to identify malicious behavior.  While organizations are monitoring their systems, Red Sky Alliance can provide breach data collected from leaks on the deep and dark web.  This data can help identify breaches that went undetected so your organization can take the appropriate responsive actions.  Our breach data collections include raw data from database breaches scraped from both the dark web and public breach disclosures.  Our breach data frequently includes email and password combinations and, in some cases, other Personally Identifiable Information (PII).
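As an added example (not code from Red Sky Alliance), the following Python script shows how a security team could match a breach-data feed of `email:password` records against its own accounts. The feed, the organization's domains and the account directory are constructed for the example, and current passwords are assumed to be stored as salted PBKDF2 hashes, so the leaked password can be checked against the current credential without ever storing plaintext.

```python
"""Match breach-data records against an organization's accounts.

Added example, not Red Sky Alliance code. Assumes the breach feed arrives as
'email:password' lines and that the organization keeps salted PBKDF2 hashes of
current passwords. Both datasets below are constructed for the example.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

ORG_DOMAINS = {"example.com", "corp.example.net"}  # constructed

# Constructed breach feed, in the email:password form such dumps commonly use.
BREACH_FEED = """\
Alice@Example.com:Summer2023!
bob@example.com:hunter2
carol@other.org:letmein
dave@corp.example.net:CorrectHorse
erin@example.com:Passw0rd
malformed-line-without-separator
"""


def pbkdf2(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; iteration count chosen for the example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes


def make_account(email: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(email.lower(), salt, pbkdf2(password, salt))


# Constructed directory of current credentials (hashes only, as an IdP holds them).
DIRECTORY = {
    a.email: a
    for a in [
        make_account("alice@example.com", "Summer2023!"),    # still uses leaked password
        make_account("bob@example.com", "Rotated-Already"),  # already rotated
        make_account("dave@corp.example.net", "CorrectHorse"),
    ]
}


def parse_feed(feed: str):
    """Yield (email, password) from 'email:password' lines, skipping malformed ones.

    Split on the first ':' only, because passwords may themselves contain ':'.
    """
    for line in feed.splitlines():
        if ":" not in line:
            continue
        email, password = line.split(":", 1)
        yield email.strip().lower(), password


def domain_of(email: str) -> str:
    return email.rsplit("@", 1)[-1]


def triage(feed: str, directory: dict) -> dict:
    """Classify breach records that touch the organization's domains.

    reset_required : the leaked password still matches the current credential.
    notify         : the account exists but the leaked password no longer matches.
    unknown_account: our domain, but no such account in the directory.
    """
    result = {"reset_required": [], "notify": [], "unknown_account": []}
    for email, leaked_pw in parse_feed(feed):
        if domain_of(email) not in ORG_DOMAINS:
            continue
        acct = directory.get(email)
        if acct is None:
            result["unknown_account"].append(email)
            continue
        candidate = pbkdf2(leaked_pw, acct.salt)
        # Constant-time comparison of the two digests.
        if hmac.compare_digest(candidate, acct.pw_hash):
            result["reset_required"].append(email)
        else:
            result["notify"].append(email)
    return result


if __name__ == "__main__":
    for bucket, emails in triage(BREACH_FEED, DIRECTORY).items():
        print(f"{bucket}: {sorted(emails)}")
```

The three buckets map to different responsive actions: accounts whose leaked password still works need an immediate forced reset and session revocation, accounts that have already rotated get a notification and a check for password reuse elsewhere, and addresses on the organization's domain that are not in the directory point to former employees, aliases or spoofed records worth a second look.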

The Response phase is the final stage of the adaptive security model.  Once a security event or incident is detected, an organization’s security team must take action.  This usually follows an incident response plan and a forensic investigation.  Collecting evidence is a key part of a forensic investigation.  Organizations can use Red Sky Alliance breach data and threat data collections to confirm suspected incidents and take corrective actions.  Red Sky Alliance’s Threat Recon data includes Indicators of Compromise (IoCs), YARA rules, and Snort rules used to identify malicious activity.  The corrective actions could include improving the organization’s security methodology, changing technical controls, or changing policies.
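The following Python script, an added example rather than Red Sky Alliance's Threat Recon tooling, shows the IoC side of confirming a suspected incident: a small indicator set (addresses, domains, a file hash) is matched against log lines. The indicators and the log lines are constructed; in practice the indicator set would be loaded from the provider's export.

```python
"""Match threat-feed indicators against log lines.

Added example, not Red Sky Alliance's Threat Recon tooling. The indicator set
and the log lines below are constructed for the example.
"""
import re
from collections import defaultdict

# Constructed indicators keyed by type. Hashes are kept as lower-case hex.
IOCS = {
    "ipv4": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.example.invalid", "cdn.bad.example"},
    "sha256": {"deadbeef" * 8},  # constructed placeholder hash
}

# Constructed log lines from a proxy, a DNS resolver and an EDR agent.
LOGS = [
    "2024-03-01T10:00:00Z proxy src=10.0.0.5 dst=203.0.113.45 host=www.example.com",
    "2024-03-01T10:00:05Z dns query=evil.cdn.bad.example type=A",
    "2024-03-01T10:00:09Z edr file=/tmp/a.bin sha256=" + "DEADBEEF" * 8,
    "2024-03-01T10:01:00Z proxy src=10.0.0.6 dst=192.0.2.10 host=intranet.example.com",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def extract(line: str) -> dict:
    """Pull candidate indicators out of one log line, normalised for lookup."""
    return {
        "ipv4": set(IPV4_RE.findall(line)),
        "domain": {d.lower() for d in DOMAIN_RE.findall(line)},
        "sha256": {h.lower() for h in SHA256_RE.findall(line)},
    }


def scan(lines, iocs=IOCS) -> dict:
    """Return {line_number: [(type, indicator), ...]} for lines that hit.

    Exact matches for addresses and hashes; for domains a sub-domain of a
    listed domain also counts, so evil.cdn.bad.example hits cdn.bad.example.
    """
    hits = defaultdict(list)
    for n, line in enumerate(lines, 1):
        found = extract(line)
        for kind in ("ipv4", "sha256"):
            for value in sorted(found[kind] & iocs[kind]):
                hits[n].append((kind, value))
        for d in sorted(found["domain"]):
            for bad in sorted(iocs["domain"]):
                if d == bad or d.endswith("." + bad):
                    hits[n].append(("domain", bad))
    return dict(hits)


if __name__ == "__main__":
    for n, matches in scan(LOGS).items():
        print(f"line {n}: {matches}")
```

Hits are reported per log line so an analyst can pivot from the indicator back to the host, user and time in the original record, which is the evidence an incident response plan needs before corrective action is taken.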

The post-incident review is often overlooked as an organization returns to normal operations.  It is a critical step in which security professionals reflect on the response process, and in adaptive security this should include improvements to each phase of the methodology.  Using hindsight to determine more effective prediction, prevention, detection, and response processes can help an organization maintain a sound security posture against increasingly advanced threat actors targeting enterprises.  Red Sky Alliance tools such as the Cyber Threat Analysis Center (CTAC), RedPane, and RedXray provide data that organizations can use to improve their adaptive security processes.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516
