Tuesday, Jun 7, 2022
BY: Shannon Hawk
Cyber threats don’t remain static for very long—you only have to go back a few years to a world in which double extortion ransomware didn’t even exist. Threat actors constantly evolve their tactics and methods, and new adversaries enter the scene all the time.
In the context of today’s complex IT environments, the swift evolution of threats spells bad news. There is now a larger attack surface to exploit, which makes it more difficult to keep up. Adaptive security, however, provides a way of doing things that lets your organization keep pace with the latest threats. This article defines adaptive security while highlighting its benefits to your business.
What is Adaptive Security?
Adaptive security is a cybersecurity model that eschews dependence on perimeter defenses and focuses on continuously monitoring behaviors and events in an effort to better protect against threats. It’s not that perimeter defenses are completely redundant, but adaptive security recognizes those controls and systems are not enough anymore to defend against sophisticated threats targeting increasingly large attack surfaces.
The history of adaptive security stretches back to a 2008 paper that spelled out the three key goals of this model:
- Anticipate threats before they manifest in your environment
- Respond to and contain threats
- Reduce the attack surface
Interestingly, the model draws inspiration from how biological and ecological systems can adapt to threats dynamically using feedback. Consider how your own immune system quickly “remembers” pathogens so that when encountering these same threats again, your body fends them off faster. Also, biological systems have an incredible capacity for threat detection and self-healing.
By scrutinizing a range of different data sources, including events, behaviors, system data, and user characteristics, adaptive security uncovers anomalies and helps counter threats with dynamic protection and response. This contrasts with the traditional approach of putting in place security controls and relying on detection and response processes that only kick in after a threat takes hold in your environment.
How Does Adaptive Security Work?
There are four layers to adaptive security that together create a feedback loop for better cyber defense:
- Prevention — controls and solutions like firewalls and intrusion detection systems still have a role to play in adaptive security. The first phase is all about using smart policies (e.g., least privilege access) and effective controls to block the vast majority of cyber threats.
- Detection — continuously monitoring different data in your network environment for anomalies indicating the presence of more advanced threats that bypassed your preventative cyber defenses. A critical tenet in this stage is that detection systems have a self-learning capability for faster, more accurate detection as more data and patterns are fed into the system.
- Response — in the response layer, you investigate incidents, conduct a retrospective analysis and apply countermeasures such as policy changes to prevent similar future incidents that managed to bypass previous layers.
- Predict — using cyber intelligence from internal and external sources to then set the tone for tweaking the prevention and detection layers, better reflecting the threat landscape faced by your organization. In other words, the predictive layer feeds back into the first phase to complete a loop that provides superior threat visibility and protection.
Some sources regard the prediction part as the first layer, which makes sense in some respects. However, you’ll likely already have a prevention layer in place even if you don’t yet adhere to the adaptive security model, so it makes sense to start the loop there.
Benefits of Adaptive Security
Real-Time Threat Detection
Continuously monitoring for anomalies and analyzing relevant data allows for real-time threat detection even in novel scenarios, such as zero-day vulnerability exploits. Adversaries often establish and persist access in networks for lengthy periods of time before being detected, where they carry out a range of malicious activities. Adaptive security accelerates threat detection to the speed required for businesses today.
Fewer Data Breaches
The escalation from a network intrusion to a data breach can take hours, days or weeks. Regardless of the time it takes to access sensitive assets and exfiltrate them, data breaches are an outcome that any business leader wants to avoid.
The more rapid threat detection and quicker times to resolution promised by adaptive security limits the damage caused even when threat actors manage to get past preventative controls. The outcome is fewer data breaches, which, at $4.24 million per breach, is a significant cost savings that makes this model easy to justify to decision-makers.
Reduced Attack Surface
An overlooked benefit of adaptive security comes from the predictive stage and how it reduces your cyberattack surface. As a brief reminder, the attack surface is the sum of all possible points of unauthorized entry into your environment. This attack surface includes software vulnerabilities, unsecured employee endpoint devices and servers with risky open ports.
Using insights gleaned internally and from external sources, you can figure out the most prominently targeted entry points and work to reduce them in the prevention phase. Some actions or changes might include better patch management policies, endpoint detection and response, or hardening your web servers.
Another benefit of adaptive security is it doesn’t rely on a single flashy new solution. The flexibility here is that you can integrate an adaptive security approach across many types of platforms and controls. To get the most from adaptive security, though, advanced analytics and machine learning need to play a role because this is where the ability to study patterns and behaviors and correlate them into threat detection capabilities comes from.
Don’t Go It Alone
Adaptive security is a promising security model that lets you better keep pace with the threat landscape through continuous response rather than only dealing with threats when they turn into incidents and breaches. But actually implementing the continuous response that the model calls for is difficult among the slew of other tasks occupying your security team.
This is why working with a managed security services provider (MSSP) is often the best solution for your business. MSSPs continuously monitor your environment, detecting and responding to threats in real-time in line with the objectives of adaptive security. They use real-time, proprietary analysis and threat data along with recommendations to prevent future attacks.
Learn more about how an MSSP might be the right choice for you here.