Network defense and management for the past two decades has focused primarily on reactive responses to security breaches or “exploits.” Determining whether an attack has occurred is a forensic rather than a proactive activity.
Continuing with a reactive defense paradigm allows our adversaries to enjoy a more or less permanent offensive advantage and leaves us vulnerable to novel attacks not previously experienced or accommodated within our current defensive structures. In other words, Situation Awareness without predictive and dynamic responsive capabilities will continue to leave us relatively unprepared for the scenarios we are likely to face in the near future.
Cyber Security must be an integrated discipline in order to work...
Another facet of the problem relates to the nature of Network Defense and attack as a collaborative activity. Network attack has been collaborative in nature for more than a decade; most network defense implementations, however, are still highly segmented. This too gives Cyber adversaries a significant advantage in information sharing and freedom of action.
This becomes particularly important when we consider the relative complexity required to support federated defensive collaboration as opposed to the relative simplicity required to mount a coordinated, distributed attack. The natural advantage again resides with our adversaries. This advantage is both technical and economic in nature, which is why Cyber attack represents perhaps the lowest cost option for asymmetric operations (i.e., the ratio of the cost of organizing an attack to the potential cost of the damage inflicted).
Over the past decade, Computer and Network defense has consisted of ever-increasing levels of perimeter controls and sensors as well as identification and sharing of specific exploit “signatures.” The exploits represent specific attacks at the OS, application or network level, and their signatures are derived from incident histories. While this represented a major breakthrough when it was first introduced nearly a decade ago, the incident-focused perspective of network defense may now be hurting us more than helping us prepare for current and future scenarios, by obscuring a larger invisible threat.
An analogy helps to place the issue in context – “while an army has specific capabilities relating to its various weapon systems, training and logistics support elements; ultimately it is an intricate combination of all factors that eventually become synthesized into specific tactics and strategies.”
Incidents or exploits detected in network attacks are but individual elements within an arsenal of Cyber-weapons or capabilities and by themselves are not as meaningful as the manner in which they may be employed or orchestrated. Incidents are in fact part of larger “Event Patterns” which may in turn be part of Cyber tactics and strategies.
Copyright 2012, Semantech Inc. All rights Reserved