www.vanguardcanada.com DECEMBER 2019/JANUARY 2020 41
LAST WORD
BY STEVE BOWERS
The best offense is a good defence. While technically true, creating and maintaining a good defence is not easy. One major problem that presents itself to most – if not all – defensive cyber operations is getting the lay of the land: understanding where the proverbial high ground, low ground, and boundaries lie. Achieving and maintaining awareness of the "cyber battlefield" – both internal assets and external threat infrastructure – can be tricky due to disparate teams, tradecraft, and tools in heterogeneous environments. While these factors are practically unavoidable, employing an overarching platform to provide central visibility through an abstraction layer can provide great benefit. Regardless of network tools, admins vs. analysts, and IT vs. cyber standards, obtaining situational and environmental awareness of the cyber battlefield for those in command, while not trivial, should be possible. In fact, it must be possible, if the defenders are going to get back on an even playing field.
Perception of the cyber battlefield, as explained above, can be distorted through myriad tools and processes implemented in a given environment. This causes cyber operators and leadership to maintain, generally speaking, one of two perspectives: "assume breach" or "everything is fine." The real problem here is not necessarily either of the perspectives: it is the lack of coherent data to support either of those perspectives. Thus, when creating this unifying platform, it is necessary to corroborate data from various layers of the OSI network stack, as well as data from various IT and cyber tools and processes. From pulling packets off the wire to ingesting application data and cyber threat intelligence for added context, a unifying platform must provide the true situational

PERCEPTION OF CYBER BATTLEFIELD CAN BE DISTORTED THROUGH MYRIAD TOOLS