Much has been written recently regarding a new paradigm in cybersecurity defense, namely the “Assume Breach” posture. We at Thom Infotech feel that this paradigm is worthy of consideration.
What is the “Assume Breach” Paradigm?
Loosely defined, the “Assume Breach” paradigm anticipates that attackers will eventually breach the perimeter. With this in mind, a “what then” strategy emerges and a mature security model begins to take shape.
A good comparison is the Covid-19 pandemic. For most, prevention has been the default response. Social distancing, masks, isolation of infected individuals, and vaccination have been the primary strategies. Traditional cybersecurity countermeasures are strikingly similar. The steps taken usually include the following:
- Perimeter Defense
  - Installing and maintaining a firewall appliance
  - Maintaining a threat detection subscription
  - Performing timely security updates to the firewall
  - Reducing or eliminating “pinholes”, i.e. inbound forwarded network access
  - Deploying a secure Virtual Private Network (VPN) to allow trusted devices to connect from outside the network
- Messaging Defense
  - Scanning incoming email messages for spam and malicious payloads before they are delivered to the inbox
- Endpoint Defense
  - Antivirus software
  - Software patches and updates
These measures have been the primary business cyber defense strategy for years. Sadly, however, many IT departments fail to keep the firewall, servers, and computers at current patch levels. Updating other network equipment such as printers, switches, and wireless equipment is rarely even considered. And even when the measures above are properly implemented, more needs to be done.
How should you respond?
Much like Covid-19, you should assume that your countermeasures will be insufficient. A trusted individual can unknowingly introduce either type of infection into a protected realm. Your mask might let the virus through, or an infection might break through in a vaccinated individual. Your firewall or email protection might let a zero-day attack through the perimeter. Or perhaps one of your employees will fall victim to a phishing email. What then?
Specifically, will the intrusion:
- Find fertile soil?
- Establish a beachhead?
- Move laterally?
- Escalate privileges?
- Launch subsequent attacks?
- Exfiltrate your data?
- Encrypt your files and programs?
- All of the above?
Are you confident that your existing cybersecurity defenses are healthy enough to launch a counterattack and beat back the intruder?
This is where the Assume Breach paradigm shines. A competently designed and maintained computer network can provide the early detection and response needed to prevent a threat from running roughshod over your network, your users, and the data and processes upon which your entire business relies. With the right practices and solutions, an intrusion can be detected and isolated before it establishes a foothold. Properly engineered networks reduce or eliminate the target-rich environment that cleverly designed attacks commonly exploit.
Summary
It appears the answer is yes: the Assume Breach paradigm is both valid and valuable. Rather than focusing merely on prevention, smart businesses also need to plan for survival.
Thom Infotech has the tools and expertise to help.