Security Strategy & Principles

 




Microsoft Security Principles

It includes the following:
  1. An effective defense requires you to dramatically increase the costs to the attacker. 
  2. Assume your identities are always under attack. 
  3. Apply attack graph thinking.
  4. Defense in depth is critical. 
  5. Protect, detect, and respond. 
  6. Above all, assume compromise. 

Measuring Security Success

It's is difficult to calculate Security Return on Investment (SROI) as both the components of risk are not easy to measure. 
  • Impact- Many of the outcomes are unknown and difficult to measure (like, which competitive products have benefitted from intelligence stolen from your environment?).

  • Likelihood- This is driven by uncertainty influenced by adaptive/reactive human attacker decisions (i.e. they are not random). 

Defender Investment consists of:

  • Security budget - which is the cost of purchasing technology and hiring people.
  • The time and attention of the team members.

Defender Return consists of your ability to:

  • Reduce the attacker's ROI, which discourages attackers, encouraging them to move on to easier targets, and thereby reduces the frequency of attacks. 
  • Reduce the business impact of any attack on your organization. 

Attacker ROI is a crucial factor that defenders must work to influence:

  • Attacker Return which is the success rate of attacks and is largely out of control of individual defenders (like, black-market availability, law enforcement effectiveness, etc.). Hence, it's not recommended to waste time or attention on this one.

  • Attacker Investment which is the best opportunity for a defender to affect ROI by adopting a strategy of defeating the cheapest attack mechanisms, you force an attacker to spend more time/money/resources to successfully attack you.   

The Defender's Dilemma

The most common dilemma faced by the defenders is that they have to be correct every time, every where forever whereas an attacker has be right just once. Security is not an easy task because we can never have enough resources to protect all the assets which in turn results in turn leads to a lot of security projects remaining in backlogs (usually representing accepted risk); whereas, the attackers have a variety of effective techniques ranging from an exploiting unpatched firmware, operating systems, and apps to configure weaknesses to human errors by users or administrators.

The cloud makes threat detection more effective since the cloud stores and processes massive numbers of events and the other threat signals - administrators can use context and machine learning to separate the signal from the noise. Besides, it also offers a community effect i.e. if 100 customers are protected by cloud threat detection, an investigation of an attack on one benefits the other 99 with little or no effort on their part. 

Microsoft is also capable of investing billions of dollars to get the optimal mix of security expertise, processes, and technologies and its cloud services can detect as well as respond to threats in almost real time as they have a continuous access to security event information across millions of devices with millions of network connections and logging activities. Microsoft uses behavioral analysis, anomaly detection, and sophisticated statistical algorithms to identify potential compromises as they happen.

Raise the Attacker's Cost

As a defender, if you concentrate on undermining the attacker's model by raising the cost of attack, then, you can easily shift the paradigm from a Defender's dilemma to an Attacker's dilemma and if you defend against the cheapest attack techniques first, the cost to attack your environment will raise automatically. 

Once you have solid detection as well as response in place against known attacks, then you can readily defend against any potential and future attacks which is not a luxury most organizations can afford. Microsoft Defender for Office 365 will help you to use Attack Simulator to run realistic attack scenarios within your organization which greatly help you to identify as well as find vulnerable users before a real attack impacts your bottom line. Hence, the more you are able to prevent "easy" attacks, the more expensive it becomes for an attacker.

     




Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)