Digital Ghosting, The Third Step in Breach Readiness

Well, you are right. I haven’t published the first and second steps yet, but this seemed more pertinent and urgent because, these days, it’s not a matter of if your organization will face a cyberattack, but when. Yet, many corporate boards still treat breach readiness for digital resilience as a technical side issue rather than a core priority.

I am Agni, a Cyber Defense Evangelist at ColorTokens, and this article is part of a series where I elaborate on how enterprises can assure their stakeholders that they are prepared to face cyberattacks. I intend to share more about breach readiness in later posts. So, without much ado, here is how digital ghosting contributes to digital operational resilience.

As the industry struggles to contain the continuously increasing number of cyberattacks despite increased investments in cybersecurity, more and more enterprises are beginning to focus on the value of cyber defense capabilities to #bebreachready when building resilience in digital operations. As cyber defense takes center stage, digital ghosting is evolving as a breach readiness strategy (with associated tactics and techniques) to obscure the traces of digital systems by focusing on stealth, evasion, and denying access to critical digital systems.

This obscurity makes detection and attribution difficult, giving credence to the philosophy of “you cannot attack what you cannot see,” which improves deterrence and discourages cyber attackers. Making systems inaccessible is not new; it has always been possible, but it was never an objective when designing a #bebreachready posture. However, with advancements in microsegmentation technology, what looked like a complex and time-consuming problem until now can be tackled more easily with modern tools. Digital ghosting requires careful planning and powerful software capabilities to obfuscate digital systems.

It is now possible to achieve digital ghosting within days by progressively reducing the inward and outward communications from each digital system. This means that modern and informed cyber leaders and boards now have the option to use proactive denial as a foundational technique to render systems inaccessible to attackers while still meeting authorized users' expectations of access to applications and other digital systems, particularly critical systems.

However, such techniques require enterprises to document how digital systems interact with each other and with external systems at data centers, the network edge, cloud platforms, and industrial systems (OT, ICS, CPS, IIoT, IoMD, etc.). Most farsighted and agile CISOs are adopting these mechanisms to anticipate and contain cyberattacks by using modern panoptic visualization capabilities in microsegmentation tools. Because such tools focus on breach readiness, security teams not only gain visibility into which digital systems across the enterprise are more critical than others to maintaining a minimum viable business, but also learn which of these interactions are riskier than others.

This helps cybersecurity leaders develop a digital ghosting plan that ensures critical digital systems are available to authorized users when needed while obscuring them from other systems and users based on specific triggers from the digitally connected enterprise, thus deterring potential cyberattacks and hardening the digital enterprise.

As I mentioned earlier, this is the third step in building a breach-ready capability. The Mission-Critical Assurance by Zero Trust Enforcement program includes:

Step 1: Establishing the baseline context of digital business

Step 2: Modeling cyber defense and building playbooks, among others

More details are underway. Stay tuned.

Should you be interested in reading more about ColorTokens and how it turned out to be the first vendor to score a perfect five in all categories according to GigaOm, click here, and follow me on LinkedIn.

This article was originally published on Medium.