To the naked eye, there is just one world. Seen through the glasses of an IT professional, it becomes clear that there are two: the real world and the virtual one. The networked computer world has criminal minds much like the real world does, and these criminals are continuously evolving. Security approaches must evolve as well; intelligence-driven computer network defense is one example.
Over the past several years, we have heard a lot of news about data breaches and cyber attacks. It is very hard to pinpoint the exact source of these cyber criminals. Technological capabilities have reached a point where recent security approaches are not able to protect data and critical infrastructure systems. A new strategic point of view must be developed, built on proactive security.
Eric Hutchins and his colleagues carried out a study on intelligence-driven computer network defense. The study was made in 2010 and shared at the 6th International Conference of Information Warfare and Security. The incidents and events occurring today are proving the importance of the study.
According to the study, the steps of an attack (the kill chain) are separated into seven phases:
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control (C2)
- Actions on Objectives
Classical Risk-based security
Classical risk-based security approaches are reactive. They can mostly detect the existence of adversaries only once the consequences have emerged. The main activity, named incident response, covers calculating the loss of data and its side effects. Risk-based tactics are about the Installation, C2 and Actions phases listed above.
Intelligence-driven computer network defense
Intelligence-driven computer network defense is a proactive security approach that suggests focusing on the earliest phases (Reconnaissance, Weaponization, Delivery). Common attack types have common influence techniques, and their symptoms are nearly the same.
These two different ideas reminded me of one of Sun Tzu’s quotes: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
IT security strategies are somewhere between these positions. It is true that they can mostly protect their assets and gain victories, but no one can claim that they are not suffering. The enemy must be analyzed more than it is today. Real success, real victory, will come from combining intelligence-driven computer network defense with risk-based security techniques. Some efforts around this new doctrine can already be observed. Confer is one of them. You can look through their web site and FAQ section to learn about their collaboration system.
The full study of Eric Hutchins and his colleagues can be read at this web address.