The rise of adaptive cybersecurity
GUEST NOTE: As the network perimeter blurs and attack surfaces expand for Australian organizations, it is becoming clear that a new defensive posture and approach is needed.
Practitioners know the dynamism of cybersecurity. Maybe that’s part of the reason they got into it in the first place.
By one measure, an average of 55 common vulnerabilities and exposures (CVEs) were recorded every day last year, a record high. 2022 is already on track to surpass that. These vulnerabilities are spread across all of the technologies used by organizations. With systems and applications as interconnected as they are today, multiple vulnerabilities can be chained together by attackers to improve their chances of exploitation or to escalate attacks.
Attackers also have a greater choice of potential targets and entry points, while conversely, practitioners have more doors to protect and more traffic to control as it moves through their organization.
A recent study found that 75% of Australian businesses now live with a significantly increased attack surface. The biggest contributor to this is the increased use of web applications to interact with dispersed and often “location-agnostic” employees, customers, and other stakeholders. The increase in the number of endpoints inevitably widens the attack surface and exposes organizations to new vulnerabilities. Companies often aren’t aware of the status of all devices accessing their resources.
Additionally, the need to modernize and digitize infrastructure has led to the adoption of new technologies, further increasing the risk.
While Australian CISOs may say they have it all covered, the survey revealed that security maturity could well be further developed and nurtured.
But our research simultaneously shows that when you dig in and talk to people lower in the security hierarchy, reaction and response are inconsistent at best, and scattered at worst.
Frontline security in SOCs is struggling to cope with the combined impacts of a rapidly expanding attack surface, changing architectures, more people working remotely, and ongoing digitization.
In short, current cybersecurity postures struggle to align with dynamic attack surfaces.
This must change.
Break the moat
Cybersecurity teams have traditionally focused on preventing all attacks, using what might be called a “castle and moat” approach. The “castle” is the network of offices, protected by the “moat” (the perimeter of the network). Everyone inside the “moat” was trustworthy, but no one outside. A “drawbridge” lowered over the “moat” allowed control of traffic movements in and out.
It works on the assumption that people work in a closed and protected environment, accessing sensitive data and systems primarily from an office on company-owned devices.
Most organizations don’t work that way anymore. Only 18% of Australian businesses say they still have this traditional “castle and moat” defence.
The reason is that this defensive model simply does not work when the perimeter of the network becomes blurred. It also does not offer effective prevention against the increasing dynamism of the attack surface.
Adapt to change
A completely different approach to cybersecurity is needed.
The desirable end state, easier said than done, is to adopt an adaptive cybersecurity posture, supported by people, process, and technology, that is more responsive to the dynamism of the current cybersecurity landscape.
As research firm Ecosystm notes, “Anticipating threats before they arise and reacting instantly when attacks do occur are essential to modern cybersecurity postures, as is being able to adapt quickly to evolving regulations. Organizations must evolve to a position where monitoring is continuous, and postures can adapt, based on business risks and regulatory requirements. This approach requires security controls to detect, automatically react and respond to access requests, authentication needs and external and internal threats, and meet regulatory requirements.”
Adaptation is also likely to involve artificial intelligence in the future. A perfect example of an adaptive AI application for cybersecurity would be the ability to detect the presence of code, packages or dependencies that are impacted by zero-day flaws or other vulnerabilities, and block these threats. It may still be a long way off – it would require a model, and enough time and data to train it. But it’s an example of the adaptive cybersecurity thinking and discussion that’s going on right now.
Tackle the attack surface
Although an adaptive cybersecurity posture is the end game, there are things Australian organizations can do in the meantime to better master their environments.
An intermediate goal could be to better protect web applications – the biggest contributor to Australia’s extensive attack surface.
To do this, development and security teams must embrace security as code and policy as code. Using a security-as-code approach allows developers to communicate their runtime security assumptions to the application infrastructure at deployment time. Limiting the types of requests an application must process can also be more efficient, because it allows input to be screened at the edge of the application’s infrastructure rather than inside the application itself.
Additionally, next-generation web application firewalls (WAFs) give teams more options to address threats. They allow security to be approached in a more automated way, by detecting and logging or blocking malicious request traffic before it reaches the web application.
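The two ideas above, a declarative request policy deployed with the application and an edge filter that either logs or blocks out-of-policy traffic before it reaches the application, as an added example that is not code from the original note. The policy fields, decision modes and sample requests are all constructed for illustration.

```python
# Added example (not from the original note): a minimal "policy as code" request
# filter evaluated at the edge, in front of a web application. The Policy object
# records the runtime assumptions the application makes about requests (methods,
# path prefixes, content types, body size). Requests that violate the policy are
# either blocked or only logged, mirroring a WAF's detect/log vs. block modes.
# All field names, modes and sample requests are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Policy:
    allowed_methods: set = field(default_factory=lambda: {"GET", "POST"})
    allowed_prefixes: tuple = ("/api/", "/static/")
    allowed_content_types: set = field(default_factory=lambda: {"application/json"})
    max_body_bytes: int = 64 * 1024
    mode: str = "block"  # "block" rejects violations; "log" only records them

def evaluate(policy, request):
    """Return (decision, reasons); decision is 'allow', 'block' or 'log'."""
    reasons = []
    method = request.get("method", "")
    path = request.get("path", "")
    ctype = request.get("content_type", "")
    body_len = len(request.get("body", b""))
    if method not in policy.allowed_methods:
        reasons.append(f"method {method} not allowed")
    if not path.startswith(policy.allowed_prefixes):
        reasons.append(f"path {path} outside allowed prefixes")
    if method == "POST" and ctype not in policy.allowed_content_types:
        reasons.append(f"content type {ctype!r} not allowed for POST")
    if body_len > policy.max_body_bytes:
        reasons.append(f"body of {body_len} bytes exceeds {policy.max_body_bytes}")
    if not reasons:
        return "allow", reasons
    return policy.mode, reasons  # violations: block or log, per deployed policy

def filter_requests(policy, requests):
    """Apply the policy to a batch of requests; returns [(decision, reasons), ...]."""
    return [evaluate(policy, r) for r in requests]

SAMPLE_REQUESTS = [  # constructed sample traffic
    {"method": "GET", "path": "/api/items", "content_type": "", "body": b""},
    {"method": "POST", "path": "/api/items", "content_type": "application/json", "body": b"{}"},
    {"method": "POST", "path": "/api/items", "content_type": "text/xml", "body": b"<a/>"},
    {"method": "TRACE", "path": "/admin", "content_type": "", "body": b""},
]

if __name__ == "__main__":
    for req, (decision, why) in zip(SAMPLE_REQUESTS, filter_requests(Policy(), SAMPLE_REQUESTS)):
        print(decision, req["method"], req["path"], why)
```

Switching `mode` to `"log"` keeps the same reasons but lets traffic through, which is how a team can watch for false positives before enforcing the policy.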
Leveraging WAFs and Content Delivery Networks (CDNs) should be part of any holistic defense-in-depth security strategy and provide a pathway to immediate protection, as well as more adaptive forms of cybersecurity protection.