by Gary Gagnon, Former MITRE Senior Vice President and Chief Security Officer
Many organizations try to deal with cybersecurity threats by focusing inwardly. They conduct vulnerability assessments, make detailed network maps, and use robust patch management processes to continuously monitor their networks and systems.
Although this approach provides some benefits, it's ineffective against many cyber threats. Most corporate networks are so large and complex that it's simply too difficult to identify all of their assets and all of their vulnerabilities, and to patch them fast enough. Today's cyber wrongdoers are sophisticated, well-funded, and patient, and they use a wide range of techniques to penetrate even well-protected enterprises.
Focus on the Opponent
Many organizations have begun to focus on the opponent instead. By better understanding their adversaries—their tendencies, techniques, tools, and intentions—organizations can bolster their threat-based defenses and improve their chances of preventing, detecting, and mitigating cyber intrusions.
Both approaches have merit. That's why MITRE advocates a balanced security posture that combines classic cyber defense with a new emphasis on gathering and sharing intelligence information about threat actors. With this innovative model, defenders become both intelligence collectors and producers. Organizations can share this cyber threat information to improve the security of everyone in the community.