It’s Time to Transform Your Cyber Defense to Be More Dynamic & Proactive

By Trellix, May 26, 2022
This story was written by Kathleen Trahan.

Erratic and unpredictable adversaries are becoming immune to traditional linear defense approaches. Security analysts, drowning in alerts and information overload, are dealing with too many manual cycles of researching, investigating and analyzing configuration guidelines, best practices, and hardening documents that are incomplete and/or contradictory, without a full understanding of blue team exercises, making them unable to prioritize next steps. Mean time to respond is increasing adversary dwell time/breakout time to damage. Lack of effective change control processes and a clear understanding of the impact of applying a particular countermeasure in a customer’s environment, bring friction between security and IT teams.

Summed up, today’s dynamic threat landscape is alive and chaotic. Yet SecOps attempts to stay ahead of real-time threats is met with additional chaos. Consider:

• On average, companies with over 1,000 employees maintain about 70 security products from 35 different vendors, according to a report by CCS Insight.
• Unsurprisingly, according to an ESG¹ study, 44 percent of these alerts go uninvestigated due to a combination of talent scarcity and the multiplicity of security solutions generating a huge volume of alerts. The top barrier cited was the sheer volume of never-before-seen malware, with 44 percent of respondents citing this as their key concern. Coming in a close second (30 percent) was the time it takes to investigate threats once they are discovered.
• According to Cybersecurity Ventures, the cost of ransomware damage is expected to reach $265 billion by 2031. Their report predicts that there will be a new attack every 2 seconds, as ransomware perpetrators progressively refine their malware payloads and related extortion activities.

Additionally, SOC professionals’ response to threats is met with limited success, as previous approaches don’t have the necessary strategic defensive thinking and require a highly adaptive framework to guide not only SOC professionals, but also security architects, engineers, auditors and IT admins.

To address the need for dynamic proactive defenses, Trellix is introducing our Adaptive Defense Model (ADM). ADM emphasizes the importance of preparedness and “shifting left” to increase the security stance of an organization before the attack. It provides automated coaching with progressive insights during and after the attack to deliver solid countermeasures that minimize impact.

Unlike traditional linear models, ADM will help CIOs and CISOs identify assets at risk, mitigating actions, increase visibility, detection, and response capabilities to prevalent threats with a deeper understanding of the why and when of actions.

A new framework and approach

Some well-known cybersecurity models focus on modeling the attacker, not the defender. While they may offer some of the “what and how” to mitigate, they do so from a linear perspective. ADM offers the “when and why” to use defensive tools and actions. The framework is designed to boost SOC preparedness, anticipation and critical thinking.

Dynamic, full attack lifecycle guidance

ADM covers the entire attack lifecycle, offering guidance before, during and after the adversary initiates the attack, and empowering the SOC to address the attacker’s complete actions, end to end.

OODA (Observe, Orient, Decide, Act)

To predict movement effectively this feedback loop provides continuous guidance based on progressive insights---assuring best security outcomes.

Security Outcomes

ADM offers intuitive guidance to boost the necessary critical thinking in each attack phase. ADM is focused on quickly driving solid security outcomes: positive attack simulation results, reduce exposure and risk, and improved security.

In Action

An example of AMD in action may be seen in the recently released defensive playbook in Trellix Insights.

As SOCs work to stay ahead of the evolving threat landscape, Trellix is pleased to offer this proactive, dynamic defensive approach, shifting SOC teams’ readiness to help defend faster and smarter, with proven best practice guidance. Highly dynamic defense will transform your cybersecurity to become living security. To learn more, read the adaptive defense model white paper.