I completely agree with the idea that current cyber-defense models are wholly inadequate. What we need are anticipatory models (systems and applications really) that can successfully discriminate between normal operations and impending attacks and thwart them before they occur, not after.
Mark G. Manglicmot, Adam C. Tyra
Static cyber defenses based on fixed sensors and event correlation have proven insufficient. Defenders have adopted the cyber equivalent of placing a cop on a street corner with a pile of mug shots in the hopes that a criminal will walk close enough to be seen. However, as most bad guy hunters would attest, fighting evil consistently requires you to proactively investigate it, hunt it down, and kick in the door where you find it. The key here is hunting. Companies must evolve their security operations to proactively hunt intruders and either eradicate them from the network or confirm that they were not there in the first place.
In this paper, we present an “Active Defense” approach to security operations fusing enhanced infrastructure awareness with timely threat intelligence to surgically interrogate, monitor, and defend critical business enclaves. A holistic strategy is outlined along…
View original post 9,021 more words