Establishing A Digital Immune System

Uploaded on 2023-09-06 in TECHNOLOGY--Resilience, FREE TO VIEW

In the rapidly changing reality of cybersecurity, one of the few things which seems to remain an absolute constant is the fact that threat actors are consistently becoming more sophisticated, and the risks to a business’s digital estate consequently more severe.

Faced with this relentless pressure, it can be easy for business leaders and cybersecurity decision-makers to fall into a mindset of always seeking to improve and strengthen the defences they have. Cybersecurity strategy, however, is not just about finding better answers: it’s also about making sure that you are answering the right question.

What does that mean in practice? Not too long ago, it would have been fair to describe the typical approach to cybersecurity as being like defending a castle. It was about shoring up the organisation’s walls, finding new ways to repel attackers, scanning the perimeter for potential weaknesses, and knowing how to drop the drawbridge quickly if - and only if - the person trying to get in is trustworthy.

Leaving The Castle

That all made sense when enterprise IT had a clear, well-defined core to defend. As businesses have increasingly relied on cloud computing, SaaS, and remote access in their IT infrastructure, however, the shape of the digital estate has become much more diffuse, and will only become more so as emerging trends like edge computing come into full force.

Now that there’s no definite perimeter to defend, it’s little wonder that new metaphors and big-picture ideas are everywhere in cybersecurity right now. One of the most interesting and fundamental is the trend towards thinking in terms of establishing a digital immune system, or DIS. Named as one of Gartner’s top ten strategic technology trends for 2023, a DIS shifts away from the front-line prevention focus of traditional cybersecurity strategies and instead thinks in terms of responding to and recovering from breaches, bugs and failures as quickly, effectively, and painlessly as possible.

Like a human immune system, DIS assumes that any barriers between the inside and outside of a system will be breached, and aims to notice and react to those events as necessary. Mimicking a human immune system, DIS aims to be highly flexible and agnostic to the cause or source of damage, as what really matters is the recovery. And, as with its human equivalent, the ultimate goal of DIS isn’t to tackle problems for their own sake, but to keep the body’s systems functioning for as long and well as possible - meaning that an awareness of proportional response and overall business impact is built into its thinking.

In other words, DIS is useful in part because it creates resilience regardless of the shape that a business’s IT infrastructure takes on.

At the same time, one thing that makes it a really interesting proposition today is the way it also targets the growing consequences of security breaches, alongside bugs and other flaws. The specialist technology insurer Parametrix recently found, in a survey of corporate decision-makers, that the median respondent said that IT downtime would cost them around £10,000 per minute. In that context, the value of designing to recover from, and not just prevent, downtime is glaringly obvious.

Building Immunity

Like other big ideas in cybersecurity, DIS does not signify any single technology, tool, or idea; rather, it is a collection of interventions, some new to the field and some very well-established, which are united by a common organising principle.

From my perspective, businesses looking to implement DIS should start by introducing advanced, field-tested methodologies to their human workforce. Chaos engineering, for instance, simulates random or unpredictable failures in infrastructure to vet how quickly systems and the teams responsible for them can achieve recovery, while site reliability engineering brings software-like flexibility to hardware-based operations. 

Taking this a step further, businesses can look to explore AI-powered testing and remediation tools, which automate the discovery of potential issues on the one hand, and the repair of active failures on the other. Through focused investment in groundbreaking technologies such as this, we can take steps towards creating organisations that are not only resilient, but can pinpoint and rectify IT incidents before they cause disruption. This is the future we’re ultimately striving towards: the self-healing enterprise.

The essential element that underpins all of this is monitoring and observability. The immune system analogy holds once again: the body has many ways of solving damage and infection, which operate according to various timescales and levels of severity, but they all start with noticing the problem and triggering a response as swiftly and accurately as possible.

Once information about technology performance - which might range from hard disk read times to user dwell times - is integrated into a unified, granular, and holistic platform, businesses will be in a position to start truly targeting recovery and resilience, rather than just investing endlessly in tools to forestall the inevitable failure.

The DIS won’t replace front-line defences entirely - but it will make the damage that breaches do to users, reputation, and revenue less severe.

Matt Tuson is General Manager,EMEA at LogicMonitor                                   Image: John Barpikle

You Might Also Read: 

Protecting Your Company’s Data Against Insider Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« LockBit Hacked British Military Data 
The Unique TTPs Attackers Use To Target APIs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Information Technology Association of Canada (ITAC)

Information Technology Association of Canada (ITAC)

ITAC is the voice of the Canadian ICT industry and are dedicated to making Canada a world class, cutting-edge digital society.

Eversheds Sutherland

Eversheds Sutherland

Eversheds Sutherland is a global multinational law practice offering a full range of commercial and IT law services including Privacy, Data Protection and Cyersecurity.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

Cloud53

Cloud53

Cloud53 specialise in improving operational IT through strategic use of Cloud technologies and services.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

FifthDomain

FifthDomain

We are a specialist cyber security education and training company tackling the global cyber security skills shortage.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.