Having your Virtual Cake and Eating it Too

Today’s continuously evolving threat landscape and the need for business continuity mandate a rethink of security workflows. Robust virtual data centers and considerable computing power are the ingredients for a new approach to securing critical data. With an adaptive approach, mission and business functions can continue while malware is encapsulated and monitored.

Adaptive security is a proposed alternative to traditional incident response in which current virtual data center capabilities are leveraged to solve real-world challenges. Much like a magician’s sleight of hand, the goal of this approach is to give attackers the illusion that they are operating within a live environment. In this scenario, no legitimate data can be accessed or exfiltrated. The workflow for adaptive security is as follows:

Figure: the adaptive security workflow as five sequential stages: evaluation, cloning, transference, containment, communication.

Most current endpoint security workflows detect and block inbound threats. In the event that remediation fails, infected machines are re-imaged. However, crucial attacker information is often lost in the name of a swift return to business capability.

Why is a new workflow important? With an adaptive approach, a security team can covertly gather information that can be used to improve the risk posture of the organization. Adaptive security is a key component of cyber resilience and the approach can be applied at any level of an organization – from desktop to subnet.

Read more about adaptive security in our new analyst brief: Adaptive Security for Business Continuity.

Follow us on Twitter (@jsnPpp and @moralesATX) to keep informed as new research is released.