Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Cyber Resilience Chasm

Kennedy Torkura
November 28, 2023
0
25

The Cyber Resilience Chasm

🔥 Heard about the Cyber Resilience Chasm? 🔥

👉 Let me explain: as security organizations gain more access to resources, they equally grow in maturity.

⭕ Normally, a security organization's maturity would be reflected in its ambitions and achievements. These would be demonstrated by tailoring efforts towards achieving compliance and cyber security goals. The level of achievement heavily hinges on the organization's bias: security-driven or compliance-driven ...in rare cases, there is a nice balance.

⭕ Now comes the main point -> cyber resilience is often left out of this bias due to some misconceptions. While some security organizations wrongfully assume Cyber resilience is automatically fulfilled via cyber security (think inheritance ), other security organizations continuously shift forward the time to consider cyber resilience. It is commonly thought that cyber resilience is an option to be ONLY considered when the security organization achieves a certain security maturity point - X.

💥 Huge misconception right there: security maturity point X never comes or arrives too late, often via a much more costly process (e.g. as part of a post-breach effort). In the meantime, attackers continually evolve and breach the organizations' defenses successfully.

⭕ Importantly, every security organization has a single objective 👉 KEEP THE BUSINESS SAFE FROM MALICIOUS ACTORS. Compliance, cyber security, and cyber resilience are means to achieve this objective. Hence, security resources would need to be balanced across this means to achieve the security objective. Determining when to start with cyber resilience is agreeably challenging, but the decision needs to be made, primarily due to the inevitability of cyber attacks.

Kennedy Torkura

November 28, 2023
Tweet

More Decks by Kennedy Torkura

See All by Kennedy Torkura
Outcome vs Output Security Approaches
ktorkura
0
200
Cloud Attack Emulation for Mere Mortals
ktorkura
0
91
Fast-tracking DevSecOps Maturity With Security Chaos Engineering
ktorkura
0
310
Enhancing Cloud Detection & Response with Security Chaos Engineering
ktorkura
0
50
CERT Resilience Management Model
ktorkura
0
80
Security Experimentation Builds Resilience
ktorkura
0
27
Security Chaos Engineering for Fun & Profit
ktorkura
0
43
Risk Driven Fault Injection
ktorkura
0
87
Chaos_Engineering_for_Cloud_Native_Security.pdf
ktorkura
0
94

Featured

See All Featured
Making the Leap to Tech Lead
cromwellryan
133
8.9k
Docker and Python
trallard
40
3.1k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
KATA
mclloyd
29
14k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
880
Scaling GitHub
holman
458
140k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Side Projects
sachag
452
42k

Transcript

  1. The Cyber Resilience Chasm 1 @run2obtain

  2. Cyber Resilience Chasm 2

  3. Cyber Security At its core, cybersecurity is the practice of

    protecting systems, networks, and programs from digital attacks. Key Reasons for the Cyber Resilience Chasm Misunderstanding the Role of Cyber Security, Compliance & Cyber Resilience Cyber Resilience The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems. @run2obtain Compliance Adherence to laws, regulations, and guidelines designed to protect user data and privacy. 3

  4. Huge Challenge Several organizations are challenged with how to enable

    cyber resilience even after achieving commendable levels of cyber security. Enabling Cyber Resilience Huge Misconception An organization needs to achieve 100% cyber security maturity or a near perfect cyber security maturity before considering cyber resilience. @run2obtain 4

  5. Cyber Resilience Chasm @run2obtain Cyber Security (including compliance) goals, objectives,

    design principles, techniques Cyber Resilience goals, objectives, design principles, techniques 5

  6. Overcoming the Cyber Resilience Chasm @run2obtain 6

  7. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 7 https://www.mitigant.io/blog/leveraging-security-chaos- engineering-for-cloud-cyber-resilience-part-i

  8. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 8 https://www.mitigant.io/blog/leveraging-security-chaos- engineering-for-cloud-cyber-resilience-part-i

  9. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 9 https://www.mitigant.io/blog/leveraging-security-chaos- engineering-for-cloud-cyber-resilience-part-i

  10. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 10

  11. Example : Cyber Resilience Efforts Against TeamTNT @run2obtain TeamTNT is

    a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments. 11

  12. ATT&CK Tactics & Techniques Mapped to TeamTNT @run2obtain 12

  13. Map the Relationship With the ATT&CK Tactics & Techniques AND

    CREF @run2obtain o The CREF Navigator provides several excellent mappings ! o Get the mapping between the ATT&CK tactics & techniques used by TeamTNT and CREF Techniques. o Choose a CREF technique, here we choose Adaptive Response 13

  14. Select A CREF Approach Here we pick Adaptive Management, which

    is about changing how mechanisms are used based on changes in the operational environment as well as changes in the threat environment i.e. change in response to change. @run2obtain Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf 14

  15. Adaptive Management : Examples • Disable access dynamically. • Implement

    adaptive authentication. • Provide for the automatic disabling of a system or service. • Provide dynamic deployment of new or replacement resources or capabilities. • Use automated decision-making supported by artificial intelligence (AI) or machine learning (ML) for rapid response and dynamic changes when human operators are not available. • Create a temporary incident-focused team reporting structure within an SOC. @run2obtain 15 Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf

  16. Relevant ATT&CK Tactics, Techniques & Mitigations • Take note of

    the relevant ATT&CK Tactics, Techniques & Mitigations. • Security resources can be focused on these to reduce alert fatigue while enhancing detection engineering efforts and SOC team’s effectiveness. • Adversary emulation and threat hunting efforts can also zoom in on these ! @run2obtain Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf 16

  17. Cloud Attack Emulation is Critical to Cyber Resilience • Cloud

    attack emulation is a critical component of cyber resilience. • Adversary emulation is an intentional implementation of the Anticipate goal of cyber resilience. • Leverage the Mitigant Cloud Attack Emulation platform to enable cyber resilience. @run2obtain 17 https://www.mitigant.io/cloud-immunity

  18. Next Steps ? Several Possibilities ! • You might want

    to take on the nest CREF Approach under Adaptive response technique -> Dynamic Reconfiguration. • Alternatively, you can pick another CREF technique related mapped to TeamTNT. • Or as your threat model, threat intelligence etc. indicate .. @run2obtain Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf 18

  19. That’s all folks ! What are you thoughts? Check out

    my other LinkedIn posts & follow me ! @run2obtain https://www.linkedin.com/feed/upd ate/urn:li:activity:710639542294797 5168/ https://www.linkedin.com/feed/update/urn:l i:activity:7044716108204920832/ https://www.linkedin.com/feed/update/urn:li:activ ity:7123633525651574784/ https://www.linkedin.com/feed/updat e/urn:li:activity:712111184694153216 3/ 19

  20. The Cyber Resilience Chasm @run2obtain 20