Why Asset-Based Security Makes Sense
by Steven Drew - Thursday, 5 January 2006.
On November 22, 2005, the SANS Institute released its annual report of the top 20 vulnerabilities of the year. As has been noted elsewhere in the security industry, the 2005 SANS Top 20 report once again noted a significant shift in attack patterns as more and more applications are being chosen as attack vectors, as opposed to operating systems and internet services. Adding to the fire is the shift from widespread, indiscriminant attacks like Slammer or Blaster to profit-motivated "targeted attacks," which has been well documented by Joe Stewart, LURHQ's Senior Security Researcher. Combine the two and it's pretty easy to see that the threat landscape is rapidly evolving to include almost any attack vector, allowing attackers to evade some of the most advanced security technologies and threaten your critical assets. Because of this, it has never been more important to make your assets the focal point of your security program than it is now.

The key component of any strategic security program is its overall focus on the enterprise's critical assets. Processes, procedures and tactical operations must be driven by strategic goals based on your critical assets to ensure that the security program is in step with the enterprise's business needs. As a result of this alignment with business needs, a strategic security program will enable business and provide tangible metrics to demonstrate its effectiveness.

In an asset-based security program, the information gained by each operational process is tied to the relevant assets. By focusing on the critical assets that your security program is in place to protect, you put in place an underlying foundation that individual security processes can link into. In doing so, you allow these individual processes to integrate with each other with assets being the "common ground" among them. Think of your assets as being the "glue" that holds together a strategic security program, allowing the information gained by one individual process to be readily utilized to by the other processes. And by enabling the flow of information between security processes that are typically isolated "information silos," you set in place the mechanism that drives continuous improvement across your entire security program.

So how does this strategic asset-based approach keep attackers away from your intellectual property? Tactically speaking, asset-based security allows you to better manage operational workflow by pointing out which security efforts would reduce the most risk. It differentiates assets based on their criticality to your business, allowing for you to make faster and better decisions in response to threats. For example, say an attacker wants to gain access to your primary research and development database server. A few days before, several vulnerabilities were publicly disclosed detailing exploitable flaws in your databases. During peak business hours, your IDS detects many possible incidents including a buffer overflow attack directed at your R&D database server. Because your security program is integrated around your assets, the R&D database server is immediately recognized as a highly critical asset that, according to the newly disclosed vulnerability data and ongoing vulnerability scans, is vulnerable to the buffer overflow attack detected by your IDS. The incident stands out from the rest of the alerts and is escalated as the highest priority and your security team reallocates their resources to mitigate the threat immediately, maintaining the integrity of your intellectual property.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th