What is adaptive security?
No attack vector is new. Ransomware, remote access breaches, phishing and other forms of cyber-espionage have been around for decades, yet we’re constantly coming up with new ways to counter them. Technology has evolved to meet the growing need to protect critical access points and assets from cyber-threats, but vulnerabilities are inherent. Every innovation that is introduced and adopted brings a new risk, a new weakness and something prone to error, and that applies as much to cybersecurity products as to anything else, even though security is the one area that should be flawless. There’s a great deal of ideation on the best way to achieve a good cybersecurity posture, for good reason. Cyber-threats are a constant; it’s just a reality of the times. The best thing we can do is embrace new methodologies built specifically to address today’s evolving threats.
What is adaptive security?
The adaptive security model is a cybersecurity approach structured around prediction, prevention, detection and response. The adaptive model forgoes traditional notions of perimeter and assumes there is no boundary between safe and unsafe. This is a necessary conceptual shift, especially considering the migration to cloud services and ubiquitous computing outside of enterprise walls.
- Prediction: The prediction component of adaptive security is about assessing risk, anticipating threats and evaluating your current security posture to see if it can withstand the risks and threats you’re preparing for. It considers current security trends and analyzes how they could impact your organization.
- Prevention: The prevention element of the adaptive security model integrates risk-based security measures into an organization’s digital framework. It takes a hard look at systems to patch vulnerabilities and tighten security controls. It implements methods like least privilege and zero trust network access (ZTNA) to achieve a granular level of network access, limit visibility and prevent lateral movement in a network.
- Detection: Detection involves continuous monitoring techniques to detect incidents or any anomalous behavior within a system. This can be accomplished with innovations like AI algorithms that enable cybersecurity products to become more adaptive, learning as data and system behavior patterns are observed.
- Response: When building your adaptive security model, build the response component around how you can best respond to the threats and risks you’ve predicted. Have an incident response plan in place to remediate any security incidents. Be prepared to modify and adjust your security posture based on the vulnerabilities found or experienced in current security plans. Also, investigate incidents and analyze cybersecurity efforts and user behavior to influence the lifecycle’s prediction, prevention and detection components.
Why you need an adaptive security model
The adaptive security model is, so far, the most well-rounded and comprehensive security approach: it looks at every level of risk, threat, security control and response to protect against all forms of cybercrime. It takes concepts we know and love, like ZTNA and least privilege, and brings them into a more realistic landscape — the place where attacks can and will happen, even with the right tools in place and every box checked. You have to move beyond the idea of a traditional perimeter and plan to build a fence around each identity and asset, while also keeping and improving your plans for threat detection and response.
How to implement adaptive security
Saying, “You should follow the four components of the adaptive security model” is one thing, but knowing where to start is another. Here are some actions your security team can take to start implementing the adaptive security model and better protect your critical access points and assets:
- Predict: Define the threats and threat characteristics that should be avoided or eliminated. A threat characteristic may be an attribute of a known threat without being the whole threat. Take a third-party user: the user themselves might not be a threat, but the fact that they’re an external third party using remote access to connect to your systems is a characteristic worth treating as one. Also understand where threats are coming from. Is it your supply chain? Is it through software vulnerabilities? Is it through malware? Finally, understand your baseline security posture: what systems, processes and safeguards do you have in place today?
- Prevent: As stated earlier, the prevention stage hardens and isolates systems to patch vulnerabilities and prevent attacks. Ask yourself what it looks like, in practice, to harden systems and tighten security controls. Identify the behavior, trusted components and actions that are currently commonplace and accepted but could actually pose a threat.
- Detect: Define triggers that monitor for threats and, as necessary, invoke an automated, immune-system-like response. These “immune response mediators” are the threat detection sensors that alert the wider IT infrastructure to potential threats and prime the threat response mechanisms.
- Respond: Define a recovery process whereby systems are capable of adaptively reconfiguring and restarting themselves. Define feedback capabilities that let the threat response mechanisms validate threats, so that they respond only to legitimate and realistic ones. These feedback mechanisms help ensure that the triggers and response mechanisms understand the security context in which they operate; that is what makes the behavior adaptive.
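The four steps above sketched as one small feedback loop, as an added example that is not part of the original article: a detection sensor with a predicted baseline, a tighter threshold for third-party remote-access accounts, a containment response, and analyst feedback that retunes the trigger. The baseline numbers, account names and tuning constants are all constructed for illustration.

```python
"""Adaptive detect/respond loop with feedback (added example, constructed data)."""
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Predict: constructed baseline of hourly logins for a typical account.
BASELINE = [3, 4, 2, 5, 3, 4, 3, 4]
# Predict: third-party remote-access accounts are a threat characteristic (constructed set).
EXTERNAL_ACCOUNTS = {"vendor-svc"}


@dataclass
class AdaptiveSensor:
    """Sensor ('immune response mediator') whose trigger threshold adapts to feedback."""
    baseline: list
    k: float = 3.0                               # trigger when value > mean + k * stdev
    quarantined: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # account -> observation awaiting a verdict

    def threshold(self, account: str) -> float:
        # Prevent: external accounts get half the slack, i.e. a tighter control.
        k = self.k / 2 if account in EXTERNAL_ACCOUNTS else self.k
        return mean(self.baseline) + k * pstdev(self.baseline)

    def detect(self, account: str, logins: int) -> bool:
        """Detect: fire the trigger and invoke the response when the threshold is exceeded."""
        if logins <= self.threshold(account):
            return False
        self.respond(account, logins)
        return True

    def respond(self, account: str, logins: int) -> None:
        """Respond: contain the account and queue it for validation."""
        self.quarantined.add(account)
        self.pending[account] = logins

    def feedback(self, account: str, confirmed: bool) -> None:
        """Feedback: a validated verdict tunes the trigger so it reacts only to real threats."""
        logins = self.pending.pop(account)
        if confirmed:
            self.k = max(1.5, self.k - 0.25)      # true positive: tighten the trigger
        else:
            self.quarantined.discard(account)     # false positive: release the account
            self.baseline.append(logins)          # learn the new normal
            self.k = min(6.0, self.k + 0.5)       # and loosen the trigger
```

Each analyst verdict feeds the next prediction cycle, so the same observation can stop being an alert once it has been validated as normal.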
The new age of adaptive security brings together the different elements of threat prevention, like access controls, policy and monitoring, into a holistic approach to securing access and endpoints. Cyber-threats and attacks are constantly evolving, and organizations can expect to face a slew of dangers and challenges unless their technology evolves and adapts with them. This post originally appeared in InfoSecurity Magazine.