This marks the final post in our series on the top trends we see in cybersecurity for 2022: cyber resilience. Much like our last post on compliance, resilience spans most of our previous topics in this series, including the threat landscape, the cloud, the distributed workforce, and artificial intelligence.
Cyber resilience is an ongoing process, rather than a one-time event, in which IT and security teams assess potential, prepare for, combat and bounce back from cyberattacks and breaches – all with the goal of enabling the organization to weather inevitable attacks while continuing to perform critical functions, even if the performance is somewhat degraded.
Why Cyber Resilience is Critically Important
It’s no longer sufficient for IT staff to deploy a security infrastructure, then go on to other projects. Sadly, security incidents aren’t exceptions anymore. Instead, they’ve become the norm.
Cybersecurity has become a never-ending process of responding to a vulnerability, a breach, a threat or attack, smacking it down, then moving on to the next one – much like a game of Whac-A-Mole played at the highest speed. It should be noted that the gamer, or the enterprise in this case, is always going to be one step behind the mole, or the threat. It has become a post-breach world where the next security incident has probably already infiltrated the network. As a result, it can seem like security teams are always reacting, or always trying to play catch up. That’s where cyber resilience comes in.
Cyber resiliency means that the infrastructure can withstand threats, and security teams can trust in the systems to mitigate vulnerabilities and malicious acts automatically. To achieve cyber resilience, IT needs to move from a model that is inflexible, static and impractical to one that is adaptive, dynamic and realistic. In other words, reshaping cybersecurity into security that works.
Basics of Cyber Resilience
There are literally thousands of articles on cyber-resilience; we found a particularly good series (though a little dated) over at MITRE.org. Almost universally, the writers recommend four basic steps toward resilience:
- Map all assets connected to the network including cloud-based assets and services, then determine which of them are essential for critical business processes. For example, enterprise resource planning (ERP) may not be considered vital during an attack, while sales order processing most probably will be. Cross-organizational inputs can help identify the criticalities.
- Identify the potential vectors that hackers can use for attacks against the business processes you’ve classified as critical. It’s absolutely essential to understand how these processes could be disrupted, right down to the smallest details like a poorly secured IoT device that can act as an entry point into a server, for example.
- This step leverages the assessment and analysis of the previous steps to develop response plans that will address potential failure scenarios. Security technologies like eXtended Detection and Response (XDR) can play a role in this step; they allow admins to define playbooks to automatically orchestrate security responses across multiple other solutions like NGFWs and WAFs. Any response plan, though, should also include high-level strategic planning for attacks like ransomware to avoid losing precious time to decision paralysis when a payment is demanded.
- The final step is to repeat the three previous phases on a routine basis, assessing and monitoring your infrastructure continuously and constantly improving the security of the infrastructure.
If this all sounds like an enormous undertaking, why yes, it can be, depending on the size and complexity of your network and number and distribution of assets. However, a relatively new technology utilizing a similar step by step process can help make the experience far more accurate and manageable.
Micro-Segmentation: A Key Tool in Resilience
Micros-segmentation solutions were originally introduced to partition physical and virtual resources into logical groupings to better defend against unauthorized lateral movements – a hallmark of ransomware and advanced persistent threats as they explore and infiltrate servers and other assets.
Technically defined as cloud workload protection platforms (CWPPs) by Gartner, these solutions monitor and provide visibility into traffic between VMs and port groups and allow admins to easily visualize the network to discern unusual traffic patterns, plan for capacity needs, and more.
One of the key capabilities of a micro-segmentation solution is asset discovery, which can be of immeasurable help in the asset mapping described in Step 1. Given that virtual assets like VMs, containers and other cloud resources can scale up or down, migrate and be retired very quickly, it can be almost impossible to accurately map them by human means alone. When looking for a suitable solution, it is highly recommended to look into a micro-segmentation solution that can support a form of auto-asset discovery, as this will be immensely time saving.
Once assets are mapped, identifying critical assets and interactions is the next step in the process. Most proficient micro-segmentation solutions offer an all-encompassing dashboard view that allows easy visualization of what is deployed, how it interacts, and where additional protections are essential. Similarly, these solutions can apply traffic policies and security mechanisms to detect and prevent unauthorized movements between assets.
Micro-segmentation is just one example of a concept that can encourage cyber-resilience. Described above are just a few examples of how micro-segmentation can help augment your cyber resilience efforts; we describe the technology in far more detail in our blog on getting started with micro-segmentation. Ultimately, a strong cyber resilience program stems from the ability to see, understand and act, resulting in security that works. To learn more about Hillstone’s solutions and how they can assist your efforts toward cyber resiliency, contact your local Hillstone representative or authorized reseller today!