Dark Reading | Vulnerabilities / Threats | Commentary
10/8/2019 02:00 PM
Craig Harber

For Cybersecurity to Be Proactive, Terrains Must Be Mapped

As in any battle, understanding and exploiting the terrain often dictates the outcome.

The best prevention capabilities don't lead to the best cybersecurity. The trouble is, most security teams don't even have a full understanding of the terrain they're trying to defend, which makes it impossible to move to a more effective, proactive cybersecurity posture.

As more networks incorporate the cloud and an increasing number of Internet of Things devices, the challenge of understanding the full cyber terrain is only growing. That's why now is the time for security teams to focus on knowing what they have to protect, by thinking about what their adversaries are after. Patching yesterday's problems doesn't necessarily prevent tomorrow's attack. The future is a terrain and threat landscape that is continuously shifting at a rapid pace. Security teams must focus on the specific things that the vast majority of cyber weapons are built to attack, and they need the ability to definitively measure the impact of the assumptions, hypotheses, and decisions they make in this effort. To do any of this, they must have a complete understanding of their cyber terrain.

Understanding Cyber Terrain
The cyber terrain is the sum of all operational assets, security controls, data assets, and overall decision-making within an organization. It's a cumulative topography of an organization's cybersecurity posture. It might sound like a basic notion, but cyber terrains are difficult to understand because they're inherently malleable: they change dramatically when new capabilities are introduced, when new decisions are made, or when adversary approach vectors are closed or opened.

A lack of visibility across their entire terrain was reported as a major security pain point by 53% of organizations, according to Fidelis' "State of Threat Detection" report. This disconnect between recognizing the urgency of monitoring their networks and actually executing attempts to do so points to an industrywide gap in understanding how critical mapping out the cyber terrain truly is.

In real-world conflicts, defenders often rely on their home-field advantage, scoping out their entire terrain so that the enemy struggles for visibility. In cybersecurity, it is too often the adversaries who hold the "high ground," strategically use "cover," and generally benefit from the environment, leaving the companies they're infiltrating at a disadvantage. For example, an adversary can perform active reconnaissance of the network, such as port scans, to understand the terrain prior to an attack, and in some cases ends up understanding the terrain better than the network defenders do.

Where real-world conflict and cyberattacks diverge greatly is in the rate of adaptability. Unlike physical battlegrounds, cyber terrains change instantaneously, and so can the advantages they confer. Organizations typically understand how adversaries exploit this; fewer understand how to turn this potential liability into a protection of their own.

Gaining a Holistic View
An organization that cannot see its entire cyber terrain will fail to defend it properly. Over 55% of organizations report lowered confidence in their ability to identify insider threats as a result of not having control over blind spots. Companies cannot defend terrain they cannot see. To correct this, enterprises must follow three key steps to gain a holistic view of their cyber terrain: discovery, mapping, and prioritizing deep visibility.

Discovery is a ballet of strategy, inventory, and evaluation. Organizations need the ability to continuously discover, classify, and assess assets, including servers, enterprise IoT, laptops, desktops, shadow IT, and legacy systems. The software installed on each asset must also be identified, run through vulnerability assessments, and tagged when a vulnerability is found. This data must be continuously collected and analyzed; otherwise, attackers can take advantage of the seams created between scans.

At a time when only about 7% of organizations believe they're using their security stack to its full capability, it's more important than ever to "Marie Kondo" the network infrastructure. After discovery, companies will be able to map out their current and desired capabilities, making redundancies clear. Holes in their cybersecurity framework will also become clear, so they can operationalize capabilities against existing threat frameworks, such as the National Institute of Standards and Technology's Cybersecurity Framework, MITRE's ATT&CK framework, or the Department of Defense's DoDCAR framework. These frameworks are easily digestible for organizations struggling to inform their larger security strategy and will allow them to better assess which cyber capabilities they have and which they lack.

Companies may become complacent after gaining a thorough understanding of assets, capabilities, and vulnerabilities, but to stop here would be to forget how inherently malleable cyber terrains are. At this stage, enterprises must invest in deep visibility, which means digging through rich, indexable metadata to provide content and context around security incidents. In this way, organizations become better able to highlight potential or existing attack vectors.
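The three steps above (discovery, mapping, deep visibility) are easier to reason about with a concrete inventory in hand. The following Python is an added example, not code from the article or from Fidelis: it diffs two constructed discovery scans to find the seams between them, tags installed software against a placeholder vulnerability feed, computes coverage gaps and redundancies for a handful of controls against a subset of ATT&CK tactic names, and enriches a raw connection record with inventory context. Every host, IP address, software version, advisory ID (`EXAMPLE-VULN-…`) and control name is constructed for the example.

```python
"""Cyber-terrain helper walking the article's three steps (discovery, mapping,
deep visibility). Added example, not code from the article or Fidelis; every
host, IP, version, advisory ID and control name below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Asset:
    host: str
    ip: str
    kind: str            # server, laptop, iot, shadow-it, ...
    software: tuple      # ("name version", ...)
    last_seen: datetime


# --- Step 1: discovery --------------------------------------------------------
# Two consecutive discovery scans, 24 hours apart (constructed data).
T0 = datetime(2019, 10, 1, 9, 0)
T1 = T0 + timedelta(hours=24)
SCAN_PREV = [
    Asset("web-01", "10.0.1.10", "server", ("nginx 1.14.0", "openssl 1.1.0"), T0),
    Asset("lap-117", "10.0.5.23", "laptop", ("chrome 77",), T0),
    Asset("cam-07", "10.0.9.7", "iot", ("camfw 2.1",), T0),
]
SCAN_NOW = [
    Asset("web-01", "10.0.1.10", "server", ("nginx 1.14.0", "openssl 1.1.0"), T1),
    Asset("lap-117", "10.0.5.23", "laptop", ("chrome 77",), T1),
    Asset("nas-03", "10.0.9.40", "shadow-it", ("samba 4.7",), T1),  # unmanaged NAS
]
# Placeholder vulnerability feed: "package version" -> advisory ID (not real IDs).
VULN_DB = {"openssl 1.1.0": "EXAMPLE-VULN-0001", "samba 4.7": "EXAMPLE-VULN-0002"}


def diff_scans(prev, now):
    """Hosts that appeared and hosts that vanished between two scans.

    Both lists matter: a new host is unmapped terrain, and a vanished one may be
    a device that moved out of the sensor's view rather than one that was retired."""
    prev_hosts = {a.host for a in prev}
    now_hosts = {a.host for a in now}
    return sorted(now_hosts - prev_hosts), sorted(prev_hosts - now_hosts)


def flag_vulnerable(assets, vuln_db):
    """Tag each asset with the advisory IDs matching its installed software."""
    tagged = {}
    for a in assets:
        hits = [vuln_db[s] for s in a.software if s in vuln_db]
        if hits:
            tagged[a.host] = hits
    return tagged


# --- Step 2: mapping ----------------------------------------------------------
# A subset of ATT&CK tactic names and which (constructed) controls claim to
# cover each one.
TACTICS = ("Reconnaissance", "Initial Access", "Execution",
           "Persistence", "Lateral Movement", "Exfiltration")
CAPABILITIES = {
    "edr": {"Execution", "Persistence"},
    "ngfw": {"Initial Access", "Execution"},
    "email-gw": {"Initial Access"},
}


def coverage_gaps(tactics, capabilities):
    """Tactics no control covers (gaps) and tactics several cover (redundancies)."""
    counts = {t: sum(t in cov for cov in capabilities.values()) for t in tactics}
    gaps = [t for t, n in counts.items() if n == 0]
    redundant = [t for t, n in counts.items() if n > 1]
    return gaps, redundant


# --- Step 3: deep visibility --------------------------------------------------
def enrich_event(event, assets, vuln_db):
    """Attach inventory and vulnerability context to a raw connection record.

    An event whose destination is not in the inventory is itself a finding:
    it points at terrain the defenders have not mapped."""
    by_ip = {a.ip: a for a in assets}
    a = by_ip.get(event["dst_ip"])
    if a is None:
        return {**event, "asset": None, "note": "destination not in inventory"}
    return {**event, "asset": a.host, "kind": a.kind,
            "vulns": [vuln_db[s] for s in a.software if s in vuln_db]}


if __name__ == "__main__":
    new, gone = diff_scans(SCAN_PREV, SCAN_NOW)
    print("new assets:", new, "missing assets:", gone)
    print("vulnerable:", flag_vulnerable(SCAN_NOW, VULN_DB))
    print("gaps / redundancies:", coverage_gaps(TACTICS, CAPABILITIES))
    print(enrich_event({"src_ip": "10.0.5.23", "dst_ip": "10.0.9.40", "dst_port": 445},
                       SCAN_NOW, VULN_DB))
```

Run as a script it reports the unmanaged NAS that appeared between scans, the camera that dropped out of view, the two assets carrying flagged software, the three tactics no control covers, and the enriched record for the connection to the NAS. In a real deployment the scan snapshots and the vulnerability feed would come from the discovery and assessment tooling, and the coverage table from the capability map built in the mapping step.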

Capitalize on the Advantage
Only after understanding the basic concept of the cyber terrain and fully achieving a holistic view can organizations truly capitalize on their home-field advantage. Just as in any war, organizations can strategically set up deception techniques full of ambushes and traps to prevent threat actors from causing damage. Newly emerging strategies open up a world of possibilities, allowing organizations to set up honeypots or decoys, or even leave breadcrumbs for attackers to follow. As in any battle, whether in cyberspace or not, understanding and exploiting the terrain often dictates the outcome.
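Two of the advantages a mapped terrain gives the defender, namely noticing the adversary's reconnaissance described earlier and catching any touch of a decoy placed on the map, can be expressed as detection logic over connection logs. The Python below is an added example and not code from the article or from Fidelis: it parses a constructed flow log, flags any source that probes more than a threshold of distinct ports, and raises an alert on any connection to a registered decoy, since no legitimate traffic should ever reach one. The decoy addresses, log lines and threshold are all constructed.

```python
"""Home-field-advantage detections over connection logs: flag reconnaissance
(one source probing many distinct ports) and any contact with a decoy host.
Added example, not from the article or Fidelis; addresses, log lines and the
threshold are constructed."""
from collections import defaultdict

# Decoy hosts registered on the terrain map (constructed addresses). Nothing
# legitimate should ever talk to them, so a single connection is an alert.
DECOYS = {"10.0.9.200": "decoy-fileserver", "10.0.1.250": "decoy-admin-jump"}

# Distinct destination ports from one source within the log window before we
# call it reconnaissance; tune to the environment's normal behaviour.
SCAN_PORT_THRESHOLD = 10

# Constructed flow log, one record per line: "timestamp src_ip dst_ip dst_port".
FLOW_LOG = """\
2019-10-01T09:00:01 10.0.5.23 10.0.1.10 443
2019-10-01T09:00:02 10.0.5.23 10.0.1.10 443
2019-10-01T09:01:10 10.0.7.88 10.0.1.10 21
2019-10-01T09:01:10 10.0.7.88 10.0.1.10 22
2019-10-01T09:01:10 10.0.7.88 10.0.1.10 23
2019-10-01T09:01:11 10.0.7.88 10.0.1.10 25
2019-10-01T09:01:11 10.0.7.88 10.0.1.10 80
2019-10-01T09:01:11 10.0.7.88 10.0.1.10 110
2019-10-01T09:01:12 10.0.7.88 10.0.1.10 135
2019-10-01T09:01:12 10.0.7.88 10.0.1.10 139
2019-10-01T09:01:12 10.0.7.88 10.0.1.10 443
2019-10-01T09:01:13 10.0.7.88 10.0.1.10 445
2019-10-01T09:01:13 10.0.7.88 10.0.1.10 3389
2019-10-01T09:02:00 10.0.7.88 10.0.9.200 445
2019-10-01T09:03:00 10.0.5.23 10.0.9.40 445
"""


def parse_flows(text):
    """Turn the whitespace-separated log into a list of dicts, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst, "port": int(port)})
    return flows


def detect_recon(flows, threshold=SCAN_PORT_THRESHOLD):
    """Sources that touched at least `threshold` distinct ports -> sorted port list."""
    ports_by_src = defaultdict(set)
    for f in flows:
        ports_by_src[f["src"]].add(f["port"])
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= threshold}


def detect_decoy_touch(flows, decoys=DECOYS):
    """Every connection to a decoy, with the decoy's name, in log order."""
    return [{"ts": f["ts"], "src": f["src"], "decoy": decoys[f["dst"]], "port": f["port"]}
            for f in flows if f["dst"] in decoys]


def run(text=FLOW_LOG):
    """Run both detections over a log and return the findings together."""
    flows = parse_flows(text)
    return {"recon": detect_recon(flows), "decoy": detect_decoy_touch(flows)}


if __name__ == "__main__":
    for kind, findings in run().items():
        print(kind, findings)
```

On the constructed log the scanning source is reported with its eleven distinct ports while the ordinary workstation, which only repeats port 443 and then reaches one file server, is not, and the single connection to the decoy file server produces one alert naming the decoy. The two detections complement each other: the recon rule depends on a threshold that must be tuned, whereas the decoy rule has no threshold at all because the decoy's only purpose on the terrain map is to be touched by someone who should not be there.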


As Chief Technology Officer at Fidelis Cybersecurity, Craig Harber directs the product strategy for the organization, ensuring that the technology developments align with and complement the frameworks at the forefront of the industry. This follows a distinguished career at the ...
Comments

kratiw, User Rank: Strategist, 10/9/2019 | 10:44:15 AM
IT Asset Management - It's Not Just About Counting Things
I would strongly encourage, no, beg, IT security departments and the executive team to adopt IT asset management. IT security continues to dance around the ITAM solution, either by relegating ITAM to inventory management, or to cherry picking ITAM responsibilities. There are way too many benefits of ITAM, for the entire company, to develop silos of ITAM implementations.