Today’s continuously evolving threat landscape and the need for business continuity demand a rethink of security workflows. Robust virtual data centers and considerable computing power are the ingredients for a new approach to securing critical data. With an adaptive approach, mission and business functions can continue while malware is encapsulated and monitored.
Adaptive security is a proposed alternative to traditional incident response that leverages current virtual data center capabilities to solve real-world challenges. Much like a magician’s sleight of hand, the goal of this approach is to give attackers the illusion that they are operating within a live environment. In this scenario, no legitimate data can be accessed or exfiltrated. The workflow for adaptive security is as follows:
Most current endpoint security workflows detect and block inbound threats. In the event that remediation fails, infected machines are re-imaged. However, crucial attacker information is often lost in the name of a swift return to business capability.
Why is a new workflow important? With an adaptive approach, a security team can covertly gather information that can be used to improve the risk posture of the organization. Adaptive security is a key component of cyber resilience and the approach can be applied at any level of an organization – from desktop to subnet.
Read more about adaptive security in our new analyst brief: Adaptive Security for Business Continuity.