Cyber Defense

Where to Start Cyber Defense?

Human Error
Credential Management
Perimeter Protection
Threat Intelligence
Threat Hunting
Bring Your Own Device (BYOD)
CVE Entries
Coronavirus
Zero Trust Privilege
Zero Day Variants
Sandboxing
Malware/Ransomware
Digital Transformation
GDPR Compliance
Email Impersonation
Next Generation Threat Landscape
Infrastructure Resilience
Machine Learning/Deep Learning
Dwell Time
Incident Response Plan
Security Posture
Vendor Management
Extreme Weather
Cybersecurity Framework
HIPAA/GLBA/COPPA/CCPA
Malware-as-a-Service (MaaS)
Workforce Evolution/Retention

Many readers remember Aesop’s famous tale of the Hare and the Tortoise. It was the Tortoise who challenged the Hare to a race. The race begins, the Hare eats and tires, and the Tortoise wins. The moral of the tale is that slow and steady wins the race. Cybersecurity defense has many variants and many solutions, but slow and steady does not win this race. The race (i.e., the cybersecurity breach) is continuous; post-incident environments are tumultuous; some hackers are autonomous, practiced and rancorous; the terrain is littered with cloud infrastructure, BYOD mobile devices and Internet of Things (IoT) devices; governance models span the infrastructure; and the ecosystem is interdependent.

The Tour de France symbolizes the tenets of the next generation threat landscape and its interdependencies. The Tour de France is an annual event that features predetermined routes, opulent scenery, 2,200 miles of rugged landscape, male riders, 8-9 team members and 23 days to complete. There are three stark differences between the Tour de France and a cybersecurity breach. First, the Tour de France has a finite number of days in which to complete it. A cyber incident, on the other hand, may take several minutes, several hours or several years to be identified; this period is referred to as dwell time. Chase Snyder’s blog mentions, “Dwell time is the dirty metric nobody wants to talk about.” Dwell time is the period during which an intentional or unintentional vulnerability has been exploited, unabated and undetected; when that vulnerability is removed or contained, the dwell time ends. Protracted dwell times are responsible for significant data exfiltration. Several cyber incidents had extended dwell times, such as eBay, Heartland Payment Systems and Yahoo. The latter company had 3B passwords hashed using the bcrypt algorithm, according to Taylor Armerding. The bcrypt algorithm is a variant of the Blowfish cipher. Second, once a cyber security incident has been identified and verified, teams are deployed in response to an incident response plan or guideline (e.g., the NIST Cybersecurity Framework).

For a small infrastructure (1-25 employees), a risk assessment is practicable and vulnerabilities are certain to be found; this is a plug for engaging a cybersecurity researcher. For a journey (larger infrastructure) of 2,200 miles, diverse teams are pivotal to traverse the rugged terrain, in conjunction with machine learning. Cyber security is never-ending, contrary to off-site computing. Finally, zero day attacks are evasive. Artificial Intelligence (AI), and deep learning in particular, is being deployed for anomaly detection ahead of evolving threat landscapes. In this final summary, the elusiveness of zero day attacks equates to the ruggedness of the Tour de France. The ruggedness of the Tour de France is attractive and draws celebratory crowds. La Course by Le Tour de France is on my evolving bucket list, next to becoming a finalist in the Toastmasters International World Championship of Public Speaking. Data infiltration is not picturesque, but it does produce notable behaviors, signaling the need for immediate attention.

Are We There Yet?

Aesop’s tale of the Hare and the Tortoise demonstrates that speed is not the enduring characteristic of the hero. Since 1912, the Tortoise, not the Hare, has been cast as the hero. The Tour de France’s true appeals are ruggedness and regularity. Ruggedness, speed and irregularity are the characteristics of cyber defense. In conclusion, cyber defense is attached to data lifecycle management, security posture and vulnerability management. No, we are not there yet; however, we are researching the marriage of security postures, vulnerability management, Defense-in-Depth (DiD) and compliance to mitigate evolving threats.

Resources:
Armerding, T. “The 18 biggest data breaches of the 21st century.” 20 December 2018, CSO, https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html. Accessed 7 February 2020.
“bcrypt.” 31 December 2019, Wikipedia, The Free Encyclopedia, https://en.wikipedia.org/wiki/Bcrypt. Accessed 6 February 2020.
Dark Reading. “New Cyber Research Records a 91% Reduction in Dwell Time for Users of Deception Technology.” 15 August 2019, Dark Reading, https://www.darkreading.com/attacks-breaches/new-cyber-research-records-a-91–reduction-in-dwell-time-for-users-of-deception-technology/d/d-id/1335534. Accessed 8 February 2020.
Epic.org. “Equifax Data Breach.” 6 February 2020, https://epic.org/privacy/data-breach/equifax/. Accessed 6 February 2020.
FablesofAesop.com. “The Hare and The Tortoise.” Updated 26 March 2019, JBR Collection, Fablesofaesop.com, http://fablesofaesop.com/the-hare-and-the-tortoise.html. Accessed 6 February 2020.
GDPR.eu. “What is GDPR, the EU’s new data protection law?” 25 May 2018, https://gdpr.eu/. Accessed 7 February 2020.
Green, A. “Complete Guide to Privacy Laws in the US.” 19 December 2019, Compliance & Regulation, Varonis, https://www.varonis.com/blog/us-privacy-laws/. Accessed 7 February 2020.
Berrios, O. “puzzle.” 27 July 2008, Flickr, https://www.flickr.com/photos/ofernandezberrios/. Accessed 6 February 2020.
National Conference of State Legislatures. “Data Security Laws | Private Sector.” 29 May 2019, NCSL, https://www.ncsl.org/research/telecommunications-and-information-technology/data-security-laws.aspx. Accessed 7 February 2020.
NIST. “Cybersecurity Framework.” Updated 10 August 2018, NIST, https://www.nist.gov/cyberframework/online-learning/five-functions. Accessed 6 February 2020.
NIST. “Framework for Improving Critical Infrastructure Cybersecurity version 1.1 (2nd Draft).” 15 December 2017, Computer Security Resource Center, NIST, https://csrc.nist.gov/publications/detail/white-paper/2017/12/05/cybersecurity-framework-v11/draft. Accessed 7 February 2020.
“Security 101: Zero-Day Vulnerabilities and Exploits.” 2 October 2019, Trendmicro.com, https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/security-101-zero-day-vulnerabilities-and-exploits. Accessed 7 February 2020.
Spoden, C. “Build from the Ground Up: Differentiating Between Policies, Standards, Procedures, and Guidelines.” 22 August 2017, FRSecure, https://frsecure.com/blog/differentiating-between-policies-standards-procedures-and-guidelines/. Accessed 8 February 2020.
Snyder, C. “What Is Dwell Time in Cybersecurity?” Updated 21 May 2019, ExtraHop, https://www.extrahop.com/company/blog/2017/dwell-time-new-security-metric/. Accessed 7 February 2020.
“The Tortoise and the Hare.” 5 February 2020, Wikipedia, The Free Encyclopedia, https://en.wikipedia.org/wiki/The_Tortoise_and_the_Hare. Accessed 6 February 2020.