1. Focus on availability as a security property
Latency and uptime are a primary concern for these organizations. Most security programs concentrate on confidentiality- and integrity-based models; all three properties of the CIA triad (confidentiality, integrity, availability) need attention for comprehensive security, and an attack that only degrades availability is still a security incident.
2. Understand the value & meaning of architecture as it relates to attacks
- Placement of technology devices in the environment is key
- Types of technologies in use (e.g. UDP-based services, CDNs, stateful devices such as firewalls and load balancers); each changes the attack surface, since UDP sources can be spoofed and a stateful device's state table can be exhausted by a flood
- Know the limitations of business-logic decisions: strict RFC or ISO compliance can, ironically, end up being a known vulnerability (e.g. an RFC-compliant web application that dutifully honours every legal but abusive request pattern)
- Deploying 80% of the known technical and operational controls is no longer adequate. A process must exist to lock the environment down technically and operationally, 100%, during a cyber-attack.
- Not relying on a single security technology to do the entire job (i.e. defence in depth)
- Use of encryption in transit (TLS; the older SSL protocol versions are deprecated and should be disabled)
3. Focus on the visibility they can get during an attack, and on attack-detection quality
- Not relying solely on NetFlow-based detection, which leaves blind spots (flow records carry no payload and are frequently sampled)
- Heavily leveraging challenge/response technology, which is uniquely placed to distinguish attack traffic from clients that can complete a challenge
- Understanding the value of anomaly-detection technologies and relying on them heavily
- Understanding the value of a web application firewall (WAF) and the role it plays in an integrated security platform
- Requiring correlated information out of the box
- Ability to inspect encrypted traffic (TLS) and encapsulated or tunnelled traffic (e.g. MPLS, GTP/GPRS, L2TP, GRE); these encapsulations are not encryption, but an inspection point that stops at the outer header is blind to whatever they carry
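The last two bullets are easy to state and easy to get wrong in practice. The following added example (editor's illustration, not code from the original page) unwraps GRE-in-IPv4 and counts packets per source twice: once keyed on the outer header, as a NetFlow-style view of the tunnel would, and once keyed on the inner header. The packets, addresses (RFC 5737 documentation ranges), and the GRE key value are all constructed for the example; the parser follows the public RFC 2784/2890 header layout and handles the optional checksum, key, and sequence fields, but unwraps only one level of tunnelling.

```python
import ipaddress
import struct
from collections import Counter

IPPROTO_GRE = 47
IPPROTO_UDP = 17
ETHERTYPE_IPV4 = 0x0800


def build_ipv4(src, dst, proto, payload):
    """Constructed IPv4 packet for sample input (checksum left zero; this is not a sender)."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_gre(payload, ethertype=ETHERTYPE_IPV4, key=None):
    """Constructed GRE header (RFC 2784/2890); sets the K bit and a 32-bit key when given."""
    flags = 0x2000 if key is not None else 0
    hdr = struct.pack("!HH", flags, ethertype)
    if key is not None:
        hdr += struct.pack("!I", key)
    return hdr + payload


def parse_ipv4(buf):
    """Return (proto, src, dst, payload) for one IPv4 packet; ValueError if malformed."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl or len(buf) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    return proto, str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), buf[ihl:total_len]


def parse_gre(buf):
    """Return (ethertype, payload); skips the optional C, K and S fields (4 bytes each)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ethertype = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")  # version 1 is PPTP; out of scope here
    hdr_len = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum+reserved, key, sequence number
        if flags & bit:
            hdr_len += 4
    if len(buf) < hdr_len:
        raise ValueError("truncated GRE options")
    return ethertype, buf[hdr_len:]


def flow_endpoints(pkt):
    """Return (outer_src, outer_dst, inner_src, inner_dst).
    Non-GRE packets report inner == outer; one level of GRE-in-IPv4 is unwrapped."""
    proto, osrc, odst, payload = parse_ipv4(pkt)
    if proto != IPPROTO_GRE:
        return osrc, odst, osrc, odst
    ethertype, inner = parse_gre(payload)
    if ethertype != ETHERTYPE_IPV4:
        return osrc, odst, osrc, odst  # non-IPv4 inside; fall back to the tunnel endpoints
    _, isrc, idst, _ = parse_ipv4(inner)
    return osrc, odst, isrc, idst


def source_counts(packets):
    """Per-source packet counts keyed on the outer header vs. the inner header."""
    outer, inner = Counter(), Counter()
    for pkt in packets:
        osrc, _, isrc, _ = flow_endpoints(pkt)
        outer[osrc] += 1
        inner[isrc] += 1
    return outer, inner


def sample_packets():
    """Constructed sample: five inner sources sharing one GRE tunnel, plus one plain UDP packet."""
    pkts = []
    for i in range(1, 6):
        inner_pkt = build_ipv4(f"192.0.2.{i}", "198.51.100.10", IPPROTO_UDP, b"\x00" * 8)
        pkts.append(build_ipv4("10.0.0.1", "10.0.0.2", IPPROTO_GRE,
                               build_gre(inner_pkt, key=0x1234 if i % 2 else None)))
    pkts.append(build_ipv4("203.0.113.7", "198.51.100.10", IPPROTO_UDP, b"\x00" * 8))
    return pkts


if __name__ == "__main__":
    outer, inner = source_counts(sample_packets())
    print("outer sources:", dict(outer))  # the tunnel endpoint hides the five real senders
    print("inner sources:", dict(inner))
```

The outer view attributes all five tunnelled packets to the tunnel endpoint 10.0.0.1, so any per-source threshold or reputation lookup applied there is blind to the actual senders; the inner view exposes them. A real inspection point would also have to strip MPLS labels, GTP, or L2TP the same way before any anomaly or reputation logic runs.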
4. Focus on real-time authentication and mitigation decisions
- Integration of reputation management and dynamic blocklisting technologies
- Heavily leveraging challenge/response technology as a mitigation control: a source that never answers the challenge is not served
- Ability to coordinate the fight against an attack with ecosystem service providers such as Certificate Authorities (CAs), authoritative DNS providers, cloud providers, etc.
- Understanding the value of real-time signature generation for anomalous threats
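The challenge/response bullet under section 3 and the reputation, blocklisting, and challenge/response bullets under section 4 describe one decision loop, so a single added example covers both (editor's illustration, not code from the page or any product it alludes to). A request from an unknown source gets an HMAC-bound challenge token; a client that echoes the token within its lifetime is served, a token replayed from another address or after expiry is rejected, and a source that keeps sending requests without ever answering is moved to a dynamic blocklist with a time-to-live. The thresholds, the TTLs, the `BAD_REPUTATION` set standing in for a reputation feed, and the token format are all assumptions made for the example; in production the challenge is usually a cookie, a JavaScript proof or a CAPTCHA issued by the edge device.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

# Constructed policy values for the example (not taken from the page).
CHALLENGE_TTL = 60      # seconds a challenge token stays valid
FAIL_THRESHOLD = 3      # unanswered challenges before a source is blocklisted
BLOCK_TTL = 300         # seconds a dynamic blocklist entry lives
BAD_REPUTATION = {"203.0.113.9"}   # stand-in for an external reputation feed


class ChallengeGate:
    """Per-request decision: block, challenge, or serve."""

    def __init__(self, secret, clock=time.time):
        self.secret = secret                  # HMAC key; rotate it like any other secret
        self.clock = clock                    # injectable for deterministic tests
        self.failures = defaultdict(int)      # ip -> consecutive unanswered challenges
        self.blocklist = {}                   # ip -> expiry timestamp

    def _mac(self, ip, nonce, issued):
        # Binding the client address into the MAC stops a token from being shared or replayed
        # from a different source; the timestamp bounds its lifetime.
        msg = f"{ip}|{nonce}|{issued}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def issue(self, ip):
        nonce = secrets.token_hex(8)
        issued = int(self.clock())
        return f"{nonce}.{issued}.{self._mac(ip, nonce, issued)}"

    def verify(self, ip, token):
        try:
            nonce, issued_s, mac = token.split(".")
            issued = int(issued_s)
        except (ValueError, AttributeError):
            return False
        if self.clock() - issued > CHALLENGE_TTL:
            return False
        return hmac.compare_digest(mac, self._mac(ip, nonce, issued))

    def is_blocked(self, ip):
        expiry = self.blocklist.get(ip)
        if expiry is None:
            return False
        if expiry <= self.clock():
            del self.blocklist[ip]            # entry aged out; source gets a fresh start
            return False
        return True

    def handle(self, ip, token=None):
        """Return ("block", None), ("challenge", token) or ("serve", None)."""
        if ip in BAD_REPUTATION or self.is_blocked(ip):
            return ("block", None)
        if token is not None and self.verify(ip, token):
            self.failures.pop(ip, None)
            return ("serve", None)
        self.failures[ip] += 1
        if self.failures[ip] >= FAIL_THRESHOLD:
            self.blocklist[ip] = self.clock() + BLOCK_TTL
            self.failures.pop(ip, None)
            return ("block", None)
        return ("challenge", self.issue(ip))


if __name__ == "__main__":
    gate = ChallengeGate(b"example-secret-do-not-reuse")
    # A client that answers the challenge is served; one that never does is blocklisted.
    kind, token = gate.handle("198.51.100.4")
    print("browser first request:", kind)
    print("browser with token:", gate.handle("198.51.100.4", token)[0])
    for _ in range(FAIL_THRESHOLD):
        print("bot request:", gate.handle("203.0.113.5")[0])
```

The gate never inspects payload, which is the point: under a flood the cheap decision (blocked? valid token?) runs first and the expensive application only sees traffic that proved it can complete a round trip. Note the two failure modes handled explicitly, token replay from another address and expired tokens, since both are what an attacker tries once a challenge is in place.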
5. Understand the value of Emergency Response & Retaining Offensive Attack Capabilities
- Establishing an internal intelligence-gathering network to understand the organization's current risk from a cyber-attack.
- Understanding the value of placing a knowledgeable and experienced person in charge of orchestrating the mitigation of cyber-attacks (i.e. emergency response processes).
- Leveraging and retaining techniques and capabilities to actively mitigate attackers (not just absorbing and defending against attacks).
- Ability to adjust configurations and techniques during an attack in response to a changing attack landscape.