Posted March 7, 2018
When it comes to your organization’s cybersecurity, there is no “one size fits all” solution. In the face of today’s dynamic threats – bad actors constantly find new and innovative ways to circumvent existing security apparatuses – many organizations are struggling to get ahead of an attack.
Yes, the more you know – what adversaries are operating in the space, the techniques and procedures leveraged by them, and the tools and vulnerabilities used and exploited to ensure that their efforts yield success – the better positioned you are to defend your assets. However, have you ever thought about approaching this from what we call an “effects-based” approach – looking at the end game of an action as your starting point? By doing so, you’ll better understand the larger cyber threat landscape, and where your organization falls within it.
Initially a military concept, Effects-Based Operations (EBOs) systemically evaluate incidents (such as a major hack) through the lens of strategic centers of gravity — leadership, key essentials, infrastructure, population and military forces. EBOs look at the totality of the system being acted upon and determine the most effective means to achieve the desired end state.
An EBO puts the attackers’ “bottom line” – in this case, their intended consequence – upfront, with the purpose of analytically working back from that point to the perpetrator rather than the other way around. This allows network defenders to investigate how current tactics employed by hackers would work against their organization. In addition, security teams can explore other venues that have not yet been compromised (but could be) to identify future threat trends.
Toward this end, security teams can look at the impact of cyber incidents within their respective industries and verticals to begin understanding how and why hostile actors are implementing specific attacks – and what they may look for in targeting their organization.
Recognizing the latter (i.e. data exfiltration or disruptive attacks), rather than focusing on the means and manners in which these objectives are carried out, enables network defenders to identify the causal linkages between such incidents, adding to their core knowledge base of attackers and their operations.
Examples of effects-based trends include infrastructure impedance such as that resulting from distributed denial-of-service (DDoS) attacks; influence schemes (e.g. the suspected Russian hacking of the Democratic National Convention and state voter registration systems); data aggregation typically associated with cyber espionage; “false flag” operations in which adversaries purposefully leave data to implicate another source; and cyber-informed kinetics.
In a domain that continues to favor attackers, network defenders must find any advantage they can to compete against an adversary. An Effects-Based Operation for cybersecurity complements conventional strategies. With this, security teams sift through the volume of looming threats, identifying those that are most pertinent to their enterprise’s interests. This prepares them not only for the near term, but the future as well.