Leveraging technologies like UDP, CDN and stateful devices is key here. However, knowing the limitations of business-logic decisions is also important. Ironically, in the end, RFC and ISO compliance may itself be a known vulnerability. What is clear from the past year of attacks is that deploying 80% of known technical and operational controls is no longer adequate.
A process must be in place to lock down your environment 100%, both technically and operationally, during a cyber attack. Using encryption technologies such as SSL and TLS, and not relying on a single point-of-entry security technology to do the job, are also crucial to this step.
3. Focus on the visibility they can get during an attack / attack detection quality
Simply relying on NetFlow detection will leave blind spots in your security architecture. Instead, security professionals should leverage challenge/response technology, which is uniquely positioned to distinguish attack traffic from legitimate traffic. Understanding the value of anomaly detection technologies, as well as the role a web application firewall plays in an integrated security platform, is also absolutely essential.
In addition, your security environment needs the capabilities to inspect encrypted and encapsulated technologies such as Multi-Protocol Label Switching (MPLS), General Packet Radio Service (GPRS), Layer 2 Tunneling Protocol (L2TP) and Generic Routing Encapsulation (GRE).
4. Focus on real-time authentication & mitigation decisions
Since attacks happen in real time, resilient cyber security environments integrate reputation management and dynamic blacklisting technologies. To successfully combat these types of attacks, security professionals must be able to coordinate their response to an attack with ecosystem service providers such as Certificate Authorities (CAs), authoritative DNS providers and cloud providers.
Finally, understanding the value of real-time signature generation for anomalous threats plays a key role in successful attack mitigation.
5. Understand the value of emergency response and retaining offensive attack capabilities
It is important not to underestimate the value of having an emergency response plan in place before attacks occur. To do this successfully, organizations should establish an internal intelligence-gathering network to understand current risks and gauge how susceptible the organization is to a cyber attack. Leadership is also important here: a knowledgeable security professional is needed to oversee and coordinate emergency response and cyber attack mitigation.
In addition to being prepared, organizations need to think beyond defense and incorporate techniques that actively mitigate attackers rather than simply absorb and defend against them. Given the nature of today’s attacks, an organization’s security infrastructure must be able to adjust configurations and techniques during an attack in response to a changing landscape.
There can be no doubt that the selection of security defense technologies is very important. However, a successful security environment is not only a matter of selection. Each technology serves a specific purpose, so their proper integration is equally important. It is clear that the organizations that have successfully managed through these attacks have been keen buyers of world-class technology. More importantly, they have deployed and integrated that technology in a way that lets them make full use of information and processes to both detect and mitigate attacks as they unfold in real time.
In 2013, if you find yourself facing cyber attack risks or vulnerabilities, these are the steps you’ll need to take as soon as possible to effectively stave off these threats.