Vanguard Magazine

Vanguard December 2019/January 2020

Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR


Last Word

view of the environment. With this insight, operators and leaders alike can share the same clear perspective and extract actionable intelligence. Strategic intel, such as a risk scoring system for executive leadership, tactical intel for management, such as current top threats, and operational intel for operators, such as ongoing attacks, can and must be derived from this data. In addition, enabling just-in-time communications between leadership and operators via built-in case management is also required to properly leverage this intel and enhance operational agility for all parties.

This all-unifying abstraction platform must act as the topographical battlefield map for the organization, but also the centre for IT and cyber coordination. Insight provided by this platform not only shows security operators and their respective leadership the lay of the land, it also provides a canvas on which to chart their crown jewels: the mission critical systems that help achieve business objectives. In addition, by providing near real-time visibility into traffic flow to and from vulnerable systems, as well as network security appliance configurations – and any gaps discovered therein – cyber operators can view potential, imminent, and current threats as they happen. Combining this topographical view of the business environment with exact locations of key assets and adversary actions enables tactical and strategic IT and cybersecurity actors to track whether or not an adversary has infiltrated their environment, and any actions on objectives that may be taking place.

By adding greater "depth of field" and aligning business objectives through various lenses of visualization at either a micro or macro level, the enterprise can better comprehend the orientation of the security posture of the environment, and the processes therein.
This added comprehension allows for greater articulation of the common defence in-depth strategy and corresponding infrastructure deployed presently. Organizations that have routinely been looking to get a handle on covering the basics can immediately see a full picture of their existing cyber security attack surface. Further, once this platform is properly integrated with other sources such as firewalls, network switches and SDN (Software Defined Networking) interfaces, operators will – for the first time – witness any gaps and overlaps that exist within their ecosystem. With this insight, a fully formed understanding on the existing state of the cybersecurity is complete.

Our cyber operators and engineers can then begin to refine the understanding and application of rules, ports, and protocols across various network segments and clearly define a finite approach to the overarching business processes that are essential to the survival of the mission – or the enterprise as a whole.

Most existing products provide visibility on one aspect of a given environment, resulting in silos that provide an incredible understanding on the existing perspective of that product but hinder the sharing of that information laterally to other products. Also, while the industry's current focus is to move towards a SOAR (Security Orchestration Automation and Response) model, most organizations and industries are hard-pressed to implement such a product for fear that a misstep in configuration would worsen their already weakened posture. Without exception, it is the limitations of current products, and the failure to share information between various vendors in standard formats that continues to plague the enterprise security program. Unifying disparate products results in a more complete picture for the commander or executive of any organization and the opportunity to develop a more coherent and deliberate approach to their organization's cybersecurity posture.

No security panacea exists. Extra effort must therefore be expended to share information across multiple products, while at the same time placing a greater emphasis on cross-pollination of ideas, approaches and methodologies throughout the industry. Through improved perception of information relative to the mission at hand, all groups within security operations can view, often for the first time, the ramification of their actions within the environment. Moreover, the shared understanding on the current layout at a wire level – and not that antiquated network diagram complete with coffee stains and scribbles – will ensure the completeness of an organization's security posture. Once the "seals" on the network are complete, fully mapped, and highly intuitive from a tactical, operational, and strategic perspective, everyone – not just security practitioners – will have the ability to contribute and aid in the development of a good defence and, ultimately, the mission's success.

Steve Bowers is Senior Technical Advisor at CybernetIQ Ltd. He is a cybersecurity professional with a passion for educating others. Over the past 11 years, he has had the opportunity to learn some valuable lessons in the development of cybersecurity programs. Steve has seen several common issues in the myriad roles and organizations within which he has worked, and aspires to help organizations use existing people, processes, or tools to alleviate these issues. Through education, services rendered, or beer-fueled conversations, Steve aims to help others improve their day-to-day security operations and better manage risk.
