P2P

Spring25

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1533864


TIME MATTERS

Why are there three distinct controls? Are they equal? Are all three needed? To answer these questions, we need to look at the concept of Time-Based Security. We can assess the effectiveness of our security posture by measuring and comparing the relationship between these three topics. Security processes are adequate if Protection Time is greater than the sum of Detection Time and Response Time, or P > (D+R). Security is lacking or missing if there is no detection and/or response time.

If a bank has an alarm system that takes two minutes to alert the police, and the police take five minutes to respond, then the bank needs to have enough security controls to outlast the seven minutes of the heist attempt. If the detection, the police, or both get delayed, the time required to protect the assets increases accordingly. The same idea applies to security detections and responses. You need all three to fend off attacks. Weakness in one area can impact overall protection.

Remember that security is a 24/7 responsibility. Does your detection and response time drop after hours or on the weekends? These different detection and response times should factor in as well. It is human nature to put our best numbers to the test, but the TAs will put your worst numbers to the test—all the time. We see this in the annual increase in cyberattacks around the end-of-year holidays in the United States.

GUIDED WALKTHROUGH

We can now look at an example of possible security controls within the Cyber Kill Chain framework. Imagine a small company with no remote work capabilities or cloud services that installs EDR on all endpoints and sets workstations to auto-update weekly. A next-generation firewall (NGFW) provides security services and content filtering. By mapping our controls against each category of the Cyber Kill Chain, a network security blueprint begins to appear. Notice that tasks, instead of products, are listed here. Focusing on the functions allows you to review your technology without product comparisons or the presence of competing vendors. Looking at Chart 2, what happens if the NGFW fails to stop at the Delivery stage? Well, our defenses now look something like Chart 3.

CHART 2: IN-DEPTH BLUEPRINT

This guide is the product of over a decade of working with hundreds of clients. SecurIT360's Security Operations Center (SOC) is continually processing terabytes of telemetry as the attackers innovate new ways to defeat the latest defenses. https://pdf.cybersecuritytoday.io/blueprint-to-defense-in-depth

SECURITY INITIATIVES
Your Blueprint: Defense In Depth
Joey Vandegrift, VP of Security Operations
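The two ideas above, the P > (D+R) test evaluated against your worst operating window rather than your best, and the kill-chain blueprint with one control removed, as an added worked example (not code from the article or from SecurIT360). The window timings and the control-to-stage mapping are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Lockheed Martin Cyber Kill Chain stages, in order.
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

@dataclass(frozen=True)
class Window:
    """One operating window with its measured detection (D) and response (R) times."""
    name: str
    detection_min: float
    response_min: float

# Constructed sample windows: the article's bank figures for business hours,
# assumed slower numbers for nights and holidays (not real measurements).
WINDOWS = [Window("business hours", 2, 5),
           Window("after hours", 15, 45),
           Window("holiday weekend", 60, 240)]

# Constructed mapping of control *functions* (not products) to the kill-chain
# stages they address, following the article's small-company setup.
CONTROLS = {
    "perimeter content filtering": ["Delivery", "Command and Control"],
    "endpoint detection and response": ["Exploitation", "Installation",
                                        "Command and Control", "Actions on Objectives"],
    "weekly patching": ["Exploitation"],
}

def required_protection(windows):
    """Return (window name, D+R) for the window attackers will actually test:
    the one with the largest D+R, not the one with the best numbers."""
    worst = max(windows, key=lambda w: w.detection_min + w.response_min)
    return worst.name, worst.detection_min + worst.response_min

def is_adequate(protection_min, windows):
    """Time-Based Security test: P > D + R must hold in every window."""
    return protection_min > required_protection(windows)[1]

def coverage_after_failure(controls, failed=None):
    """Stage -> remaining control functions once `failed` stops working."""
    cov = {stage: [] for stage in KILL_CHAIN}
    for name, stages in controls.items():
        if name != failed:
            for stage in stages:
                cov[stage].append(name)
    return cov

def uncovered_stages(controls, failed=None):
    """Kill-chain stages left with no control at all (the Chart 3 view)."""
    return [s for s, c in coverage_after_failure(controls, failed).items() if not c]

if __name__ == "__main__":
    print(required_protection(WINDOWS), is_adequate(30, WINDOWS))
    print(uncovered_stages(CONTROLS, failed="perimeter content filtering"))
```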
