Digital Immune System: making applications resilient By Janifha Evangeline

Janifha Evangeline | Thursday, 27 October 2022, 13:59 IST

A huge amount of data is available in the cyber security industry today. Although that volume would have seemed incredible a few years ago, the whole industry still operates on very few insights derived from this data, and this should change.

“Cyber security is pretty complex – technology is evolving and hackers are becoming more inventive resulting in increased focus and dedication towards cyber security,” says Navdeep Singh Ahluwalia, Head Network & Information Security, Dalmia Bharat Group.

The cyber resilience of any company needs a data-driven defense strategy that is converted into a technical solution. This solution must be sophisticated enough to act as the digital immune system of the Information Technology environment. A digital immune system is adaptable & keeps evolving continuously, much like a human immune system. It is critical that this system is capable of dealing with unknown attacks.

In the physical world, if a virus is destroyed, it will not have the capability to deal with the same type of attack multiple times. However, when a system does not keep evolving, it will not be able to deal with new types of threats. And once your digital immune system stops adapting to new and different kinds of mutations, it will quickly become ineffective & obsolete. This is where such a system needs SOCs to transition from using static IOCs as detection logic to more abstract means of detection at the TTP level. This comprises, for instance, detection logic such as ML algorithms, behavioral detection models and rules that model behavior.
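The difference between a static IOC and a rule that models behavior can be seen on a handful of process-creation events. This is an added example, not taken from the article or from any vendor it names; the events, the placeholder hashes and the rule itself (an Office application starting a program from a user-writable directory) are constructed assumptions for illustration.

```python
import ntpath

# Constructed sample process-creation events; hashes are placeholders, not real IOCs.
EVENTS = [
    {"id": 1, "parent": r"C:\Program Files\Office\WINWORD.EXE",
     "image": r"C:\Users\a\AppData\Local\Temp\upd.exe", "sha256": "HASH-KNOWN-SAMPLE"},
    {"id": 2, "parent": r"C:\Program Files\Office\EXCEL.EXE",
     "image": r"C:\Users\b\AppData\Local\Temp\svc.exe", "sha256": "HASH-REPACKED-SAMPLE"},
    {"id": 3, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\c\Downloads\setup.exe", "sha256": "HASH-INSTALLER"},
    {"id": 4, "parent": r"C:\Program Files\Office\WINWORD.EXE",
     "image": r"C:\Program Files\Office\helper.exe", "sha256": "HASH-HELPER"},
]

STATIC_IOCS = {"HASH-KNOWN-SAMPLE"}  # what a hash feed knows today (assumed)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")


def ioc_hits(events, iocs=STATIC_IOCS):
    """Static detection: exact match on a known file hash."""
    return [e["id"] for e in events if e["sha256"] in iocs]


def behaviour_hits(events):
    """Behavioural rule: an Office application starts a program that
    lives in a user-writable directory, whatever its hash is."""
    hits = []
    for e in events:
        parent = ntpath.basename(e["parent"]).lower()
        image = e["image"].lower()
        if parent in OFFICE_PARENTS and any(d in image for d in USER_WRITABLE):
            hits.append(e["id"])
    return hits


def coverage_gap(events):
    """Events the behavioural rule catches but the hash list misses."""
    return sorted(set(behaviour_hits(events)) - set(ioc_hits(events)))


if __name__ == "__main__":
    print("IOC hits:      ", ioc_hits(EVENTS))
    print("Behaviour hits:", behaviour_hits(EVENTS))
    print("Missed by IOC: ", coverage_gap(EVENTS))
```

Event 2 is the "mutation": the same behavior with a different hash, which only the behavioral rule flags, while events 3 and 4 show that the rule needs both conditions to fire.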

Detection, prevention & response is not just a complex activity; it is also an ever-evolving set of functions, which may need several types of components to work together & to be re-aligned frequently.

There is an approach to cyber security called the systems-thinking approach: organizations should focus on how the constituent parts of a system are interrelated & work together as a system to provide the complete solution. This approach results in a far more effective solution than technology applied in isolation. When the systems-thinking approach is further enhanced with data, intelligence from frontline experts and data-science techniques, it leads to meaningful insights that guide the design of the solutions & technology. This data-science-led approach helps address ever-evolving threats and tactics by adapting the defenses & optimizing the overall cyber resilience.

The important components of the digital immune system

External threat intelligence: a change in the threat segment may need a response from the immune system. Changes comprise newly discovered vulnerabilities, including SolarWinds and Exchange, or activities from a group such as SilverFish.

Changes in attack methods & groups: for example, EvilCorp refraining from using Dridex and instead using drive-by downloads to get an initial foothold, & updated threat actor intelligence.

How to start your own digital immune system

To begin your own digital immune system, it is better to start small, then enhance & extend. For instance, begin by tracking relevant vulnerability news, and observe how it applies to your firm & what exactly the next step should be. Then extend this to include, for instance, the operational output of a Managed Detection & Response (MDR) service, of your own Security Operations Center, or of attack simulation outcomes.

One company that helps operate a digital immune system for clients as part of its Managed Detect & Response Service is Hunt & Hackett. The company can either accelerate or replace the security office of its clients with its multidisciplinary team of experts. If any critical components are missing in your digital immune system, whether it is threat modeling, detection & response, or validating, the company can help in implementing and managing it. Furthermore, the company helps extract information from the current information sources & turn it into meaningful insights, which makes it a driving force for the digital immune system.

In a nutshell

When a potential new incident is detected through detection capabilities & via the Security Operations Center, or a Breach & Attack Simulation run highlights a new vulnerability in the chain of security controls, it yields an important insight that has to be used to adjust & enhance the overall defense system. Once these insights are put together, they will not only show the best course of action but also form the feedback loops by which the system is constantly fine-tuned and enhanced wherever necessary. Some solicit a large response from all involved parties, while others require almost no action.
