The “boom” is the breach, the attack, the thing data security nightmares are made of. Recently, the context for security breaches—or booms—has expanded to include those events that take place before and after an attack. In other words, breaches include the set of events that take place before an attacker penetrates your IT environment (or left of boom) and the response and recovery efforts that happen after an attack ensues (or right of boom.)
Operating left and right of boom
Constantly looking for vulnerabilities to exploit, threat actors can spend months inside your business landscape, waiting for the right moment to attack. The less dwell time a bad actor has inside your environment, the less risk there is to your financial, data, and IP assets. A left-of-boom strategy can deter an attack altogether, while a right-of-boom strategy can speed restoration and recovery while minimizing business disruption.
Left of boom, effective attack surface management can help security professionals detect and respond when a threat approaches or permeates the network, cloud, or physical business environment. Right of boom, response, and recovery strategies determine how quickly and thoroughly the business responds to and contains an incident. There are two basic components that help buttress your business from a boom:
- An effective attack surface management program helps monitor and defend assets against attack.
- A robust incident response plan ensures you respond efficiently AND effectively in order to minimize the impact of the “boom” on your organization's data assets.
Left of Boom
Attack Surface Management
Assets, identities, and threats: Securing your attack surface starts with identifying organizational assets—including those that are inside the business, external to the business, and housed with supply chain partners. Training employees to protect their identities and accounts is crucial. As users, devices, and workloads are added to your environment, continuous testing for vulnerabilities reduces the risk of exposure. Using such defensive measures as firewalls, micro-segmentation, and a least-privilege model helps reduce complexity and thwart would-be attackers. Over time, continuous attack surface management keeps assets free from attack and allows for easier prioritization and mitigation of threats.
Right of Boom
Incident Response and Incident Recovery Operations
Incident response plan: Regardless of cyber threats against your organization, a robust incident response (IR) plan will help you address those threats and recover your organization’s operational capabilities in the event of a cyber incident. During an incident, having a plan for threat containment, investigation and forensics, and threat eradication is key; equally important are the next phases in the plan, which include recovery operations (to get your business operational again) and a formal review of lessons learned. Initial development of this plan and iteratively testing the plan over time with not only your cybersecurity and IT teams but also other business leaders from within your organization such that everyone understands their role, communication strategy, and more will not only instill confidence internally that your organization is prepared but you will actually be prepared.
Four Considerations for Avoiding a BOOM!
To determine how well-positioned your business is to stop an attack and protect your assets, thereby avoiding the BOOM, ask yourself the following questions:
- Detection: How well are you detecting potential threats external to your organization, in your private network, and within your cloud environments?
- Response: How quickly can you respond to and contain a security incident?
- Recovery: How fast can you get back to a fully operational status post-attack?
- Resilience: What failsafe pathways, like immutable backups, can you put in place to insulate your organization from ongoing threats?
Solutions II can help optimize your security position left and right of Boom. Our Adaptable Data Center® (ADC) framework provides a roadmap that simplifies the complexity of IT and security infrastructures while protecting and increasing the value of your data and business assets. Looking for more information on how to deter the effects of a security BOOM? Leave a comment or contact us for more information.
CISO & Security practice Leader at Solutions II
Other recent articles by Jason Norred:
Download our eBook: Adaptable Data Center®, a New Perspective