NSS Labs Report on Cyber Resilience Highlights the Need for a New Approach to Security
A few years ago, a point-product security vendor proudly declared their technology was the silver bullet that stopped ALL security threats from penetrating the corporate network. Many of us in the industry raised our collective eyebrows in surprise at such a bold claim.
While the naive or inexperienced might have believed such an outrageous claim, we all knew there is no such thing as a silver bullet in security and that no matter how cutting edge or sophisticated your security is, attacks will get through and it is onlya matter of time before any organisation is compromised.The latest NSS Labs Report on Cyber Resilience addresses this silver bullet fairy tale head on, highlighting that it’s not the 98 percent of threats security defenses catch which organizations must be concerned about, it’s the two percent of threats defenses miss which can often lead to the beginnings of a breach.
As we know, it’s no longer a matter of if your organization will be attacked, it’s a matter of when. Which is why organizations today require a simple, scalable, and threat-focused model to ensure visibility across the entire attack continuum—before, during, and after an attack.
The NSS Labs Report goes a step further in reinforcing these principles. Some of the key findings and recommendations from the report include:
- Learn to anticipate attacks. Assume the breach will occur, and focus on reducing its potential impact.
- Security controls should be viewed not as complete protection against attack, but rather as a means of maneuvering the adversary into attacking a target of the organization’s choosing, and also as a means of proactively managing the impact of network penetrations.
- Prepare to operate at 60 percent capacity in order to withstand a breach which will reduce but not eliminate critical services.
- Plan for flexible network architectures that will allow dynamic provisioning of critical resources to isolate and replace infected portions of the network.
The report conclusion that architectures must be based on the assumption that systems will be compromised and businesses must continue to function is one that aligns to the model that Cisco recommends customers adopt. Additionally, for organizations to be prepared to operate at 60 percent capacity to withstand a breach brings significant business implications including reduced critical services which may well translate into lost capacity and revenue.
Today’s enterprise security teams need to look at their defenses with the eyes of the attackers and not assume their security will protect against every sort of attack. After all today’s attackers look for weaknesses in existing defenses – chinks in the armour – and these findings highlight the importance of staying a step ahead by adopting defenses that address modern threats and gaps in traditional solutions with threat-focused protection that offers full visibility and delivers integrated threat defense for the entire attack continuum. There’s no better time than now to embrace a model that is threat-centric and to move to an integrated approach that delivers full contextual awareness and dynamic controls that automatically assess all threats, correlate intelligence, and optimize defenses to protect modern enterprise networks.