Protecting our most important business assets from cyber threats is a growing challenge that we all face. We are more and more dependent on IT and connectedness for the delivery of our services, the operation of our infrastructure, and even our daily life. The growing complexity and scale of the underlying infrastructure exceed the grasp of most individuals, with interacting devices, sensors, and apps supporting an ever-larger portion of our economy and society.
Every single component of our IT and network infrastructure is intrinsically vulnerable and exposes us to adversaries that could cause disruption. In the meantime, our adversaries are becoming more competent, stealthier, and more brazen. The cyber means to achieve their goals are readily accessible, from scanners that discover and fingerprint targets to a variety of tools for intruding into and breaching the assets of interest.
Defending against these cyber threats is becoming harder, and for most organizations it is now out of reach. Proper countermeasures require continuous monitoring of threats and an adaptive response strategy to mitigate the relevant risks.
We, as a community, must become more clever and better organized in order to have a chance of maintaining our resilience in this challenging environment. This requires better observation of our adversaries' infrastructure and methods, a faster exchange of the resulting insights within the community, and a more efficient conversion of threat intelligence into our detection and prevention tools and processes.
In order to achieve these goals, the community needs to increase its readiness to share curated Indicators of Compromise (IOCs), as well as relevant tactics, techniques, and procedures (TTPs), using commonly agreed standards and taxonomies. The progress made on STIX, TAXII, ATT&CK, and OpenC2 is a valuable contribution in this context. More work is needed to operationalize these concepts and to define efficient ways to exchange critical controls, hunting rules, and playbooks.
I believe that a critical component of our ability to mitigate active cyber risks is the automation of detection and prevention actions. I’m therefore very pleased and excited to join the Advisory Board of Phantom Cyber, the leader in security orchestration and automation. I’m very impressed with the leadership and technical teams and I’m enthusiastic about their community of users actively engaging in exchanging insights, use cases, and playbooks.
I’m looking forward to interacting with this growing community and to contribute to it in order to make progress in this very important field.
Freddy is based in Brussels, and has a long history with the European Commission. He was most recently head of CERT-EU. Connect with Freddy on LinkedIn to learn more about his extensive career in cybersecurity and continue the conversation.