Cyber security systems are now required not only to protect and defend against digital intrusions, but also to help enable the business. In fact, cyber security that is designed to continuously monitor digital systems, and implemented to immediately identify a breach and to contain and resolve a cyber incident, significantly helps with the operational continuity of the company systems that support the business.
The mistake of cyber security systems in silos
The technological development of cyber systems has caused a parallel development over time of cyber security systems: firewalls, gateways, antivirus, antispyware, honeypots, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Data Loss Prevention systems (DLP), deep packet inspection systems, traffic filtering, encryption systems, backup management systems, sandboxes, advanced malware protection, next-gen firewalls, authentication systems, tokens, etc. However, it is rare that all these systems are managed by the same people, and they are often connected to the same computer system at different times and with different management goals. All of these solutions form a cascade of information to be governed and protected, and serve as a potential extension of the attack surface, precisely because each individual piece of technology becomes part of the computer system that it is called to protect. This type of security approach is called “a puzzle”, because it grows opportunistically according to requirements and develops in every direction, rather than in a structured way. The same applies to systems that grow in silos, or separate compartments, where every environment has its own management and policy rules. The silo set-up emphasizes the approach, looking at it from the point of view of the architectural layers involved.
The next step towards a holistic model of cyber security systems
The most immediate consequence of the varied introduction of cyber security systems is a huge variety of approaches and degrees of maturity. This situation usually culminates in a moment of such unmanageable chaos that you need to streamline and centralize. To do this, you have to evolve towards a unified approach which, however, retains the individual features of the respective tools so they remain interoperable, but connected to unified policies and procedures that are different yet coherent, complementary and correlated. In these cases, we are talking about evolving towards a holistic model, i.e. collaboratively developing an approach to combating threats, including the organizational framework and supporting integration and cooperation on every level, whether digital, logical or physical.
In this sense, we are also talking about the convergence of the system’s entire architecture. Giulio Iucci, president of ANIE Sicurezza, explains that “convergence is now a ‘systemic’ reality; everything is connected, just like one single large organism. The approach to cyber security must therefore be holistic, global and just as systemic”.
Critical infrastructure no longer just governs and enables essential services for the population. In some ways, a critical infrastructure is also a set of computer systems, including cyber security systems, which, for each individual company, enable business activities and operations. Giulio Iucci continued: “In the past, there were critical infrastructures. Nowadays, everything has become critical, from the point of view of hi-tech security. The intervention and action logic is completely changing for them. There is no longer the ‘periphery’ of the network, the fringe and second level of the system. It is all central and primary, and this brings a new logic of vulnerability. The fundamental point for building security is therefore the entire system architecture and the holistic vision of everything”.
Security methods are also changing. While cyber security systems were previously set up according to the “action and reaction” model, nowadays Command and Control requires preventive intervention based on system monitoring, data interception, correlation and analysis. This enables Early Warnings and requires, downstream of the incident management process, a weakness review that introduces corrective measures aimed at continuous improvement. In this sense, the adoption of a certification framework such as ISO 27001 (based on the Deming cycle of Plan-Do-Check-Act) and/or the NIST Framework can help in the transition from an old-style model of introducing cyber security systems to the new set-up.
It is therefore about switching from traditional “contingency” management for security to a strategic, comprehensive view of protection. Starting from a threat assessment that is not generic but specific to your organization, specific risks can be associated with each threat by using a Threat Model, and for each one, company processes, security measures and cyber security systems are organized and governed using a synergistic approach.
This involves a holistic approach: a global, strategic view of cyber security systems as part of the more general organization of digital systems to support the business.