The Best Offense Starts with a Great Defense: Continuous System Hardening
American Football coaches are constantly reviewing film to devise strategies for the important game. Defensive coaches are continuously looking for ways to reduce the success of offensive attacks. Teams traditionally have several defensive schemes and change their defensive strategy depending on the team they face. The defensive concepts a coach chooses depend on which are most effective against the offensive tendencies and formations of the opponent. Companies use a similar strategy when it comes to continuous system hardening.
Cybercriminals aim to exploit vulnerabilities and compromise assets and systems. These attackers employ a wide array of tactics, from phishing and malware to data breaches and ransomware attacks. Just as a mature defensive strategy minimizes an offense’s ability to attack, continuous system hardening minimizes the attack surface of an endpoint or system by allowing companies to address vulnerabilities before they can be exploited.
The D-Line:
Like companies’ IT departments, American Football teams invest heavily in their defensive line, knowing that the best offense starts with a great defense. Organizations must invest in robust cybersecurity and hardening measures to protect their assets and systems. The growing need for security is evident as cyber threats continue to evolve and become more sophisticated.
The Defensive Looks:
Continuous system hardening starts at the line of scrimmage: the line of demarcation between the offense and the defense – it’s the line between the good guys and the bad guys. Once the ball is snapped from the center to the quarterback, defensive strategies come into play. Defenses must constantly adjust to counter the offense's changing strategies. The same applies to continuous system hardening, which requires monitoring and adapting security measures as new threats emerge. This defensive lineup must include things like updating security policies that outline the rules of the game, establishing proper configuration baselines and configuration management, and patch management to address identified weaknesses and protect against exploits.
The Playbook:
When determining which coverages a defense should show, and what is and is not allowed, coaches go to the rulebook. A company’s security policy is essentially the same thing. It spells out the rules, expectations and overall approach an organization uses to maintain the safety, security and availability of its assets and systems. It outlines things like risk mitigation measures, compliance standards, training requirements, and incident response and recovery tactics. The goal of the playbook is to outline the strategy, requirements and responsibilities of the team.
Man-to-Man Coverage:
In American Football, man-to-man coverage is when a defensive player covers a specific offensive player. The defensive player must mirror the offensive player, and matchups are important. It is one of the biggest strengths a defense can have because it disrupts the offense’s timing and rhythm. In continuous system hardening, establishing configuration baselines helps companies prioritize configuration standards so they can focus on higher-risk items first. When an offensive player makes a move, the defender makes an adjustment. If the player is farther from the end zone, the move may not be as important; the closer the offensive player gets to the end zone, the more the defensive coverage matters.
The Blitz:
If a defense identifies the play the offense is about to run, or the direction the play is going, they can dial up a blitz defense to direct defenders to the point of attack quickly. Applying patches for known exploited vulnerabilities serves essentially the same purpose. When a vulnerability has a known exploit, it’s like reading the offense. We know the play they’ll run. We know how they’ll attack. We can blitz by applying patches to defend the point of attack to stop the success of the play.
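The two prioritization rules above (known exploited vulnerabilities first, then baseline drift weighted by how close the asset is to the "end zone") can be turned into a single worklist. This is an added example, not code from the original post; the baseline settings, vulnerability feed and asset inventory are constructed sample data.

```python
"""Prioritize hardening work the way the post describes: patch known exploited
vulnerabilities first (the blitz), then fix configuration drift from the
baseline, weighting everything by asset criticality (distance to the end zone).
Added example with constructed data, not the original post's code."""
from dataclasses import dataclass, field

# Constructed baseline: setting -> (required value, risk weight 1..3)
BASELINE = {
    "ssh_password_auth": ("no", 3),
    "smbv1_enabled": ("no", 3),
    "audit_logging": ("on", 2),
    "banner_set": ("yes", 1),
}

# Constructed vulnerability feed: placeholder id -> known to be exploited?
VULNS = {"VULN-A": True, "VULN-B": False, "VULN-C": True}


@dataclass
class Asset:
    name: str
    criticality: int            # 1 = far from the end zone .. 3 = crown jewels
    config: dict                # current settings as observed on the asset
    vulns: list = field(default_factory=list)   # vulnerability ids present


def findings(asset):
    """Return (score, description) pairs for everything that needs attention."""
    out = []
    for vid in asset.vulns:
        # The blitz: a vulnerability with a known exploit outranks everything else.
        base = 100 if VULNS.get(vid) else 10
        out.append((base * asset.criticality, f"{asset.name}: patch {vid}"))
    for key, (want, weight) in BASELINE.items():
        have = asset.config.get(key)
        if have != want:
            # Man-to-man: the same drift matters more on a more critical asset.
            out.append((weight * asset.criticality,
                        f"{asset.name}: set {key}={want} (is {have})"))
    return out


def prioritise(assets):
    """One ordered worklist across all assets, highest score first (ties by name)."""
    work = [f for a in assets for f in findings(a)]
    return [desc for _, desc in sorted(work, key=lambda f: (-f[0], f[1]))]
```

Note that a low-criticality asset carrying a known exploited vulnerability still lands at the top of the list, which is the point of the blitz.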
Adjusting to the Attack:
Linebackers are talented players used to defend against both running and passing offenses, and they change their routes as they read the offense. Incident response teams in cybersecurity serve similar functions. When an attack occurs, they contribute to the play by containing the incident, minimizing damage and restoring normal operations. Their goal is to prevent adversaries from scoring, much like a linebacker stopping an opponent’s advance.
Teamwork:
Just like a team’s ever-evolving defense, continuous system hardening requires teamwork, communication and effective execution to protect against breaches, minimize the attack surface and respond quickly to threats. Proactive strategies, adaptability, teamwork and an unwavering commitment to preventing the opposing side from achieving its objectives are what continuous system hardening is about. Just as a well-established defense can thwart even the most potent offenses, effective continuous system hardening is key to defending against the ever-evolving landscape of cybersecurity threats.