A lot of talk has been circulating recently about the importance of cyber resiliency and the need to protect critical infrastructure across all sectors. However, many people are still unsure about what this term really means, with some mistakenly equating it with prevention.
In reality, prevention and resiliency are two distinctly different concepts. Prevention focuses on keeping bad actors out of the network and preventing a breach from occurring. It’s like building a higher wall to keep criminals on the outside. While prevention-based solutions are necessary, they work against existing and known threats and techniques. As bad actors evolve their tactics, the never-ending game of “build a higher wall” continues.
On the other hand, cyber resiliency acknowledges that bad actors will inevitably breach the network. This means that everyone will experience a breach at some point. However, just because breaches are expected, it doesn’t mean that all is lost. With a cyber resiliency strategy, anomalies that occur due to breaches can be quickly identified and mitigated in near real-time, preventing significant damage from occurring.
Implementing cyber resiliency means designing systems that can withstand and recover from cyber attacks. Just like airplanes are designed to stay airborne even if one engine fails, our cyber defenses should be designed to be self-healing and fault tolerant. To effectively implement cyber resiliency, organizations need to understand how cyber attacks work and be able to proactively identify the earliest signs of a breach.
One key aspect of effective cyber resiliency is the ability to identify outbound communication with adversary infrastructure. By inspecting all outbound communication activity and knowing what is and isn’t adversarial infrastructure on the Internet, organizations can quickly identify the earliest signs of a breach. This includes monitoring outbound DNS requests, as more than 90% of all attacks today use DNS as the mechanism to communicate with adversary infrastructure.
To achieve true cyber resiliency, organizations must be proactive in identifying potential nefarious infrastructure. By gathering data from authoritative sources and assembling it into a constantly updating and evolving graph database, organizations can predict which domains or infrastructure will be used for nefarious purposes in the future. This proactive approach allows organizations to be prepared for the next attack, even if they don’t know where it will come from or how the bad actors will break in.
David Ratner, CEO of HYAS, emphasizes the importance of getting proactive and constantly updating and evolving the data to achieve true cyber resiliency. With his expertise in software and technology, he leads the vision and mission of HYAS to bring game-changing solutions to clients around the world.
In conclusion, cyber resiliency is about acknowledging that breaches are inevitable but implementing strategies to quickly identify and mitigate breaches in near real-time. By understanding how cyber attacks work and proactively identifying potential nefarious infrastructure, organizations can level the playing field and escape the unwinnable cat-and-mouse game of cyber attacks.