Current Cybersecurity Approaches are Becoming Ineffective
Many organizations try to deal with cybersecurity threats by focusing inwardly. They conduct vulnerability assessments, attempt to map out their networks in detail, and try to put in place robust patch-management processes. The focus is on compliance with regulations and efforts to monitor networks and systems continuously. While this approach has some benefits, it is ineffective against many cyber threats.
Senior Vice President and Chief Security Officer Gary Gagnon describes evolving threat-based defense concept to MITRE staff.
There are several reasons for this. Most corporate networks are too large and complex to comprehensively map out; it's simply too difficult to identify all of the assets on such large networks. It's equally difficult to identify all of the vulnerabilities on such networks; there are always undiscovered vulnerabilities in software that can be exploited. Additionally, cyber wrongdoers today are sophisticated, well-funded, and patient. They use a wide range of techniques to penetrate even well-protected enterprises.
Focusing on the Opponent
Recently, many organizations have taken a more powerful approach to their cybersecurity challenges by focusing on the opponent. If organizations understand their opponents' tendencies, techniques, tools and intentions, they can better bolster their threat-based defenses and improve their chances of preventing, detecting, and mitigating cyber intrusions.
Both approaches have merit. That's why MITRE advocates a balanced security posture that combines classic cyber defense approaches with a new emphasis on gathering and sharing intelligence information about threat actors. In this innovative model, defenders become both collectors of and producers of intelligence. Organizations can share this cyber threat information with each other to improve the security of everyone in the community.
"MITRE advocates a balanced security posture that combines classic cyber defense approaches with a new emphasis on gathering and sharing intelligence information about threat actors." — Senior Vice President and Chief Security Officer Gary Gagnon
Working Towards a Common Goal
To make that vision of collaborative cybersecurity a reality, organizations must be comfortable both drawing on and contributing to shared information about cyber threats. This starts with developing standards-based threat information repositories. Using standards will enable rapid communication about threats and automated responses to them. These secure data repositories will enable different organizations to share information within trusted groups and prevent adversaries from accessing the intelligence.
MITRE has developed partnerships with several communities that use these standards-based repositories, such as the Advanced Cyber Security Center in Massachusetts. Our ultimate goal is to enable the creation of additional communities and a federation of such groups to improve the security of the nation as a whole.