Comments
Cybersecurity Demands New Framework
Charlie Babcock
User Rank: Author
8/19/2014 | 5:05:11 PM
Security, a process on a timeline
Highly instructive to think of security on a sequential timeline. We have understood the time-frame for many years, but to relate the steps of responding to the threats and make the parts interlocking would be a big step forward. How do we begin to do that?
Broadway0474
User Rank: Strategist
8/19/2014 | 11:09:44 PM
Re: Security, a process on a timeline
It's interesting that you can apply lessons from the "after" phase of cybersecurity to make your "before" and "during" phases better down the road. But can these lessons be learned fast enough to keep up with the bad guys?
Stratustician
User Rank: Ninja
8/20/2014 | 1:18:01 PM
Re: Security, a process on a timeline
I think it's definitely a step in the right direction to remove the technology aspect from the overall security discussion. Firstly, since there are multiple technologies to address the same stages of threats, and secondly because it changes the overall thought process as to how threats are managed both proactively and reactively.
Zulfikar_Ramzan
User Rank: Apprentice
8/20/2014 | 6:12:46 PM
Re: Security, a process on a timeline
Good point Stratustician. I think many people lose sight of the fact that we care first and foremost about protecting information from threats to that information. The choice of approach should come after. One area that I didn't get into in the article, but which I believe is important in this regard is having a corporate culture that places the appropriate amount of importance on information security. This can help make developing and implementing a security strategy much easier.
MDMConsult14
User Rank: Moderator
8/20/2014 | 1:30:51 PM
Re: Security, a process on a timeline
There are also opportunities for an innovative framework for cybersecurity. This framework can support research, stakeholder identification of the new ideas and security innovators. The right approach can be nimble and can transfer to other domains and technologies.
Zulfikar_Ramzan
User Rank: Apprentice
8/20/2014 | 6:08:25 PM
Re: Security, a process on a timeline
Thanks for your comment MDMConsult14! I definitely agree. I actually talked about this framework at a recent academic venue on security analytics to help promote the idea that we should be thinking about security solutions from the perspective of the entire threat spectrum. 
Zulfikar_Ramzan
User Rank: Apprentice
8/20/2014 | 6:17:44 PM
Re: Security, a process on a timeline
Great question Broadway0474 -- definitely one that keeps me up at night! I think applying lessons is the only hope we have of keeping bad guys at bay. But aside from that, the reason for emphasizing the after phase is that in many cases you won't be able to prevent a breach from occurring -- but what you can do in that situation is have the plumbing in place to respond to the breach effectively. Far too often, organizations spend weeks to months investigating a single incident. The questions they have to deal with, however, are fairly simple to ask (but can be challenging to answer in the aftermath of a breach). Continuous monitoring offers a way to short-circuit that time. If we can reduce weeks to hours, then we achieve a lot.
Broadway0474
User Rank: Strategist
8/21/2014 | 11:07:08 PM
Re: Security, a process on a timeline
I think I got it, Zulfikar. The "after" phase is more about having the systems in place to gather information and understand what went wrong. It still is a bit demoralizing to think about though --- defeatist even.
Zulfikar_Ramzan
User Rank: Apprentice
8/22/2014 | 5:35:47 PM
Re: Security, a process on a timeline
Broadway0474, it can definitely be unsettling to acquiesce that despite our best efforts threats will get through. The goal is not necessarily to passively accept it, but to do two things. First, put measures in place so we can understand what happened when something gets through. Second, armed with that knowledge, rethink our basic defenses. I liken it to a security camera. A building may have existing defenses in place: locks, burglar alarms, motion sensors, etc. A security camera cannot inherently prevent a break-in (except to the extent that it acts as a deterrent in the physical world). But with a security camera in place, one can review footage and quickly figure out what happened during a break-in. Many organizations ignore this after phase. So, they are never able to respond to existing breaches (allowing those breaches to do far more damage than they would have otherwise been able to do). More so, they don't have insight into how to put up better defenses (allowing the bad guys to exploit some of the same holes over and over again). I hope this helps clarify my position.
Broadway0474
User Rank: Strategist
8/25/2014 | 9:45:57 PM
Re: Security, a process on a timeline
Zulfikar, I really like the security camera analogy. That really let me wrap my head around it. Thanks!
Zulfikar_Ramzan
User Rank: Apprentice
8/20/2014 | 6:21:06 PM
Re: Security, a process on a timeline
One approach to take Charlie, if you are developing an organization's IT security strategy, would be to first inventory what technologies you have in place today and then map that to the framework -- being careful to identify all the assets that you are trying to protect as well. Then you can begin to see whether you have any capability gaps (or areas where you've overinvested in a particular capability). You can also start to see whether technologies that cover one part of the framework can potentially "play nice" with other technologies.
Charlie Babcock
User Rank: Author
8/20/2014 | 6:45:27 PM
What about the hypervisor?
Zulfikar, do you think it's logical or practical to include more analysis of what's going on at the virtual machine hypervisor level? Is that a good inspection point? Or is it too late, if you spot trouble there?
Zulfikar_Ramzan
User Rank: Apprentice
8/21/2014 | 6:16:58 PM
Re: What about the hypervisor?
Charlie, I think the hypervisor question is definitely relevant in the context of cloud. You will still want visibility at that level, but there may be different ways to achieve it. For example, VMware's vShield API allows you to achieve VM-level visibility from the host system itself (and many virtualization-friendly anti-malware technologies leverage this capability). The one nice aspect of virtualization is that being able to remediate threats is much simpler since you can revert back to a clean image or at least a clean snapshot. Of course, many caveats apply here since you might lose data, etc. There are also risks, certainly, of malware piercing a VM and compromising the host system (or of spreading among virtual instances in a given host). These situations don't occur often, but they are always a theoretical concern (especially in targeted corporate espionage type situations).
Charlie Babcock
User Rank: Author
8/22/2014 | 5:05:43 PM
No, not defeatist
Broadway0474: Disagree on "defeatist." It would be defeatist if that were the only thing you were resolved to do. If, on the other hand, you have numerous defenses in place and an attacker still gets through, it's wise to analyze afterwards and see what could be done better. Much better to conduct forensics and try to prevent the next breakthrough than to do nothing because it might be labeled the wrong approach or even "defeatist," after the fact.

