Where the goal of cyberprevention has been to reduce the probability of an attack against the organization, cyber resilience looks to reduce the impact of these attacks through cyber risk management. Assuming that a breach is likely, cyber resiliency of systems and networks is needed to ensure mission survivability in a cyber-compromised environment.

Security controls should be viewed not as complete protection against attack, but rather as a means of maneuvering the adversary into attacking a target of the organization’s choosing, and also as a means of proactively managing the impact of network penetrations.

During the 2013 network intrusion prevention system (IPS) group test, average security effectiveness (which factors in exploit block rate, anti-evasion capabilities, and stability/reliability) across the ten products tested was 94 percent. During the 2013 next generation firewall (NGFW) group test, eight out of nine products scored more than 90 percent for security effectiveness. The highest security effectiveness score in that test was 98.5 percent.

However, it is not the 98.5 percent that is caught that is the issue, it is the 1.5 percent that is missed. If even a small fraction of that same 1.5 percent of current threats is missed by the NGFW, IPS, and endpoint protection (EPP) system, then we have the beginnings of a breach. Digging through security logs won’t help you either – how can a device tell you what it missed?

But what if that information was available to you?

A new analyst brief written by myself and Chris Morales examines the issues around cyber resilience in more detail and offers insights into how networks might be architected to improve resilience. More interestingly, it also suggests ways in which organizations can predict with a high degree of accuracy the targets of sophisticated attackers by answering a few key questions:

  • What are the attacks that are being used by threat actors today?
  • Which of those attacks are effective against the business applications deployed in the network?
  • Which of those attacks are capable of bypassing deployed defenses?

If you’d like to find out more, join us at Black Hat USA (Las Vegas, August 5 – 7).