Cyber Resilience – don’t play to win, play not to lose

United Kingdom, Dec 21, 2023

By Mike Fry, Security Practice Director, Logicalis UKI

Tyson Fury is considered by many to be one of the greatest boxers of our time. It is an interesting observation that, on the surface, seems implausible when you consider that he does not appear to be the most muscular, the leanest, or the fittest fighter out there. He is, of course, not infallible. On many occasions, despite his size, he has been knocked off his feet by fighters seemingly smaller and weaker.

However, what makes him a remarkable fighter to his fans is his ability, despite his large frame, to rise rapidly to his feet and continue the fight. His training and preparation have conditioned him for these situations. He never gives up. He regains composure and carries on, business as usual. In the ring, he is highly resilient.

As businesses protecting ourselves from a thriving cyber-criminal economy, now worth more than the narcotics trade, we can learn much from this. As threat actors gain greater sophistication with more tools at their disposal, it is pure fantasy for organisations to assume that even with the very best defences in place, they won’t get hit. As Mike Tyson once said, “…everyone has a plan until they get punched in the mouth.” It’s going to happen. The secret, as with Fury, is to have a plan and be able to recover quickly and cleanly, and carry on. Business as usual. In short, we need to be cyber-resilient.

When customers ask us how they can improve their cyber resilience, there are several frameworks they can be assessed against, such as CIS or NIST. A good security partner will be able to run an assessment against one of these frameworks to assess cyber maturity, highlight gaps and make recommendations. Once this is understood, governance and controls should be reviewed across all areas, particularly around those requiring the most attention. Finally, appropriate technology stacks should be considered to enhance the security posture of an organisation.

When it comes to cyber-security technology stacks, there is an ever-growing plethora of vendors. This presents organisations with the problem of not being able to see the wood for the trees. Whilst there are many very capable products in the market, they often only do one job. Where organisations can leverage most value is by working with a platform vendor - one that has a broad set of capabilities all within one wrapper. One such vendor is IBM.

Let’s take a look at how IBM Security solutions can sit inside the NIST framework to increase an organisation’s cyber resilience.

Identify – data protection solutions such as IBM Guardium scan on-premise and cloud database infrastructure to detect vulnerabilities, identify threats and security gaps, then recommend remedial actions. In addition, IBM Randori Attack Surface Management continuously uncovers and prioritises shadow IT risk. By combining alerts from both of these platforms with a SIEM, such as IBM QRadar SIEM, organisations can respond to alerts more quickly and better understand where a security breach may have had an impact, through identification of security events, protection through real-time monitoring, and detection of security incidents.

Protect – IBM Guardium further protects data, databases and applications both on-premise and across multi-cloud through encryption, key management and access control. Guardium will encrypt data both at rest and in transit, further enhancing the Protect pillar within the NIST framework.

Detect – IBM QRadar SIEM provides visibility and correlation of information events across on-premise, cloud and hybrid environments, all in a single pane of glass. With over 700 standard integrations, it provides near-real-time detection that is powered by Machine Learning and AI to automatically prioritise threats.

Respond – As a logical partner to IBM QRadar SIEM, QRadar SOAR automatically manages responses to significantly reduce Incident Response times by automating tasks and playbooks. Furthermore, the automatic compliance reporting and 180 in-built privacy regulations within IBM QRadar are powerful tools when adhering to GRC requirements.

Recover – IBM FlashSystem Cyber Vault protects data by creating isolated, immutable snapshots of data to protect against cyber-attacks, malware and insider threats. Next, copies are scanned for signs of data corruption and anomalous changes. Perhaps most significantly, however, snapshots are stored on the same FlashSystem storage as operational data, meaning recovery is significantly faster than restoring copies stored separately.

This broad set of integrated capabilities is where the true power of cyber resilience can be realised. Using recognised frameworks, understanding the governance context and working with best-of-breed technology platform vendors means that when you do get hit in the mouth, and you will get hit, you have a plan and can get back up again, quickly and cleanly. Business as usual.
