We're experiencing a shift from reactive to proactive cyber defense. The community is acknowledging the benefits of using cyber threat intelligence to adjust defensive measures. Quick response to the changing tactics of the cyber threat depends on small teams of tool developers and cyber defenders working closely together to create new tools based on threat information to bolster their defensive posture. This Development Operations, or DevOps, cycle, along with efforts focused on sharing threat information, can bring innovative change to cyber defense more quickly than traditional approaches.
Techniques the adversary uses during each stage of the cyber kill chain create opportunities for defensive operational innovation. By using analysis to discover these opportunities, and quickly changing defensive posture to take advantage of them, small DevOps teams can produce specialized defensive measures that more effectively address advanced cyber threats.
Advances in MITRE's operational defenses have been achieved by such a DevOps cycle. An experiment to observe cyber adversaries' actions in a limited-scope synthetic environment produced cyber threat information that could be activated immediately and instrumented in our own threat-based defense.
Operational innovation using a DevOps approach can enhance active defense without disrupting it. We continue to research the concept by tapping into the knowledge and skills of those tasked with enterprise management—who are well-positioned to notice anomalies in operations—to work with our tool developers, researchers, and cyber defenders to advance our own defense.
Cyber adversaries will continue to adjust their tactics, techniques, and procedures (TTPs) in response to changes in technology and cyber defense. Having a pipeline of innovation across the gamut of enterprise operations will make an organization stronger and better prepared.