A newly released strategic plan issued by the Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to improve on traditional cybersecurity prevention and detection approaches that focus on perimeter defense. Instead, CISA is stressing the importance of building up a network security posture based around resilience.
There is clear evidence that the typical approaches taken by organizations are falling short. For example, according to a recently released survey, nearly 80% of global organizations have suffered a ransomware attack since 2020, at a cost of many millions of dollars. And, Statista reports, during the third quarter of 2022 around 15 million data records were exposed through data breaches worldwide, an increase of nearly 40% compared to the previous quarter.
The CISA Strategic Plan 2023-25 outlines four strategic areas that the U.S. needs to improve to secure critical infrastructure:
- Cyber defense
- Risk reduction and resilience
- Operational collaboration
- Agency unification
One overarching goal, CISA writes, is to enhance the ability of federal systems to withstand cyberattacks.
Federal agencies, CISA dictates, must be prepared to rapidly recover in the event of cyberattacks and other incidents, including maintaining the ability to continue operating during and after such events. In other words, CISA acknowledges that breaches are virtually inevitable and responses need to be formulated ahead of time.
This focus on resilience is a marked shift away from the longstanding aim of cybersecurity solutions available on the marketplace: prevention. This isn’t to say that solutions focused on detection and tools like firewalls and perimeter defense tools don’t have key roles to play. But, in recent years, as network architectures have become increasingly complex, the attack surface has increased dramatically.
Legacy cybersecurity is simply insufficient on its own.
To build true resilience into a modern security program, organizations must look beyond the often fruitless goal of simply keeping intruders out. CISA’s plan, especially as it relates to the Biden Administration’s 2021 “Executive Order on Improving the Nation’s Cybersecurity,” a policy that mandates zero-trust architecture among federal agencies, shows that protecting critical infrastructure has become a much more comprehensive proposition.
Not only do agencies need to ensure continuous operations during a cyberattack, but they must also have a plan in place for proactive risk mitigation. A zero-trust approach focuses on such resilience, along with the guiding principles followed by effective modern SOCs: assume breach, maintain least privilege, and “never trust, always verify.” Ideally, this approach keeps small breaches from turning into massive breaches with far-reaching consequences.
Reduce Mean Time to Detection
MixMode is the Cybersecurity Intelligence Layer℠ your security team can quickly depend on to work smarter and cut through the noise, to assure that the right alerts are taken seriously, and the real threats are detected and dealt with expeditiously.
MixMode can identify anomalous ‘pre-attack’ or ‘pre-game’ behavior and alert your SOC before an attack even gets underway. This ‘negative time to detection’ allows you to stay ahead of the adversary and mitigate business disruption. Our AI is purpose-built to generate predictive models of complex systems – allowing MixMode to quickly detect low and slow, and adversarial AI attacks.
Eliminate bias and blindspots.
Rules-based detection systems, by their very nature, are not equipped to detect never-before-seen attacks. With no reliance on rules, MixMode’s self-learning system develops an understanding of what is normal and expected, and elevates what deviates in real-time, allowing you to quickly assess and respond to novel attacks before the damage is done.
Tune out the noise.
Facing a constant stream of false positive alerts, it can be difficult for analysts to remain vigilant – leaving your business at risk. Teams using MixMode have reduced their false positives by over 96%, allowing them to focus their attention on valid threats and stop novel attacks that would otherwise have been missed.
Effective Triage Speeds Detection
MixMode eliminates the need for manual correlation by seamlessly integrating log, cloud, application, network, and endpoint data to detect and identify trigger actions that indicate something is amiss before it amounts to an attack. Because MixMode is a self-learning, generative AI platform, it achieves a best-in-class security posture without any rules, historical data, training, tuning, labeling, or human operator involvement, and improves SOC teams’ MTTD by suppressing the noise of false positive alerts. The MixMode platform can be deployed remotely, with no required hardware, in under an hour.