A few years ago the defense-in-depth approach became prominent in cyber defense methodology: security controls are applied in a layered manner to achieve some form of resilience. This remains in practice today and is not likely to change anytime soon.
More recently, cyber resilience has been gaining recognition among security professionals; this approach brings information security, business continuity and resilience into focus. Wow! Great concepts and tools, but there is one aspect that will always lag: the human factor.
Take, for instance, the case where your network monitoring tool or SIEM has just picked up an IP address that constitutes an offense in your environment. The offense is assigned to an individual or a group for further investigation. Make no mistake, many organizations still operate like this, and the process is usually time-consuming and inefficient.
In most cases the organization responds by isolating the offending traffic and tweaking the firewall rules to cater for the gap, but that is a very shallow approach to cyber resilience. The human factor usually removes depth and creates more oversights: the time taken to investigate the incident gives similar attacks room to pass through while the investigation goes on, and in any case you need to maintain normal operations while investigating the incident.
Agility is about speed and accuracy; your defense-in-depth or cyber resilience strategy is not complete without automating your investigation and response process. The questions below can help every organization calibrate its incident response tools and strategy.
1. In a few mouse clicks, can your Detect and Response system show, on a single pane, a holistic view of the security posture of your assets with respect to a particular threat event?
2. Can your Detect and Response system pinpoint all the assets that are potential targets of the threat event under investigation?
3. Can your Detect and Response system help your team prioritize response and remediation actions?
4. Can your Detect and Response system learn from every incident and apply the lessons learned to improve your response time in subsequent cases?
5. Are you able to harness the data enriched by system events and network monitoring tools to be more proactive in your response?
6. How much do you rely on people for investigation and response?
The answers to these questions will help you see where the gaps are in your current incident response system. IBM Security is bringing the power of machine learning and cognitive ability to prevent, detect and respond to threats with an agility not seen before. This approach is seen in IBM Resilient and IBM Watson for Cyber Security.
ActivEdge Technologies Limited has well-trained and certified consultants who will help you bring agility into your cyber defense in depth through the IBM cognitive security suite, namely IBM Watson Advisor for QRadar, IBM Resilient, IBM BigFix and IBM MaaS360.
Contact us for a 90-day trial of the IBM product suites named above.