5 Recipes For How to Design a Resilient Cyber-Attack Environment

1. Focus on availability-security

Latency is a high focus for these folks.  Most just focus on confidentiality and integrity-based security models. All three aspects need to be focused on to ensure comprehensive security.

2. Understand the value & meaning of architecture as it relates to attacks

• Placement of technology devices in the environment is key
• Types of technologies leveraged (e.g. leveraging UDP, CDN, stateful devices, etc.)
• Know the limitations of business-logic decisions — RFC and ISO compliancy may be, ironically, in the end a known vulnerability (e.g. leveraging RFC compliant web applications)
• Deployment of 80% of known technical and operational controls is no longer adequate. A process must be in place to be able to technically and operationally lock down your environment during a cyber-attack 100%.
• Not relying on a single point of security technology to do the entire job (e.g. security in-depth)
• Use of encrypted technologies (e.g. SSL / TLS)

3. Focus on the visibility they can get during an attack/attack detection quality

• Not just relying on Netflow detection, which provides blind spots
• Heavily leveraging Challenge/Response Technology – uniquely situated to distinguish attack traffic
• Understand the value of anomaly-detection technologies and rely on them heavily
• Understand the value of web-application-firewall and the role it plays in an integrated security platform
• Requiring correlated information out-of-the-box
• Ability to inspect encrypted and encapsulated technologies (e.g. MPLS, GPRS, L2TP, GRE, etc.)

[You might also like: 5 Cyber Attack Developments Worth Your Attention]

4. Focus on real-time authentication & mitigation decisions

• Integration of Reputational Management/Dynamic black-listing technologies
• Heavily leveraging Challenge/Response Technology
• Ability to coordinate fighting an attack with eco-system service providers such as Certificate Authorities (CAs), Authoritative DNS providers, Cloud Providers, etc.
• Understanding the value of real-time signature generation for anomalistic threats

5. Understand the value of Emergency Response & Retaining Offensive Attack Capabilities

• Establishing an internal intelligence-gathering network to understand current risks to the organization from a cyber-attack.
• Understanding the value of placing a knowledgeable and wise human who oversees the orchestration and mitigation of cyber-attacks (e.g. Emergency Response processes).
• Leverages and retains techniques and capabilities to actively mitigate attackers (not just absorb and defend from attacks).
• Ability to adjust configurations and techniques during an attack in response to a changing attack landscape.