The Defendable Network

  • Simplifies cybersecurity

     

  • Designed to fit customer requirements

     

  • Adapts to real-world change

     

  • Maintains a business focus

Since every organization views the business impact of IT and risk differently, cybersecurity recommendations should be balanced against the unique culture and business requirements of a customer. The Defendable Network is a strategy-based approach for improving security capabilities of an organization to achieve a specific Security Readiness Condition (SecCon) level. SecCon levels range from 5 (highest risk with lowest resources) to 1 (lowest risk and most resources). The progression from 5 to 1 is exponential, with headcount and cost doubling each step along the way.

Proactive Defense Plan
Effective cyber defenses ideally prevent a breach through the use of proactive controls rather than reactive approaches. A cyber defense plan is necessary to deter targeted cyber-attacks being launched by nation states, cyber criminals, and other actors. Due to the speed and adaptability of attacks, preventative controls are necessary to combat the hundreds of attacks which occur on a daily basis. Following our Defendable Network framework will dramatically reduce compromises, minimize the time required for recovery efforts, and lower associated costs for a given level of security..

Plan for Failure
If cybersecurity were the single most important goal of an organization then costs would soar out of control, business agility would be crippled, and the end-user experience would suffer. When we meet with clients we ask how they prioritize security, cost, and impact to the end users (employees and IT personnel). Most organizations won’t allow security to impact the business. Virtually every organization sacrifices IT security to save money and/or improve the end-user experience. Since costs and staffing resources aren’t infinite in any organization, we must be realistic about creating a security strategy that’s “good enough.” This may mean fewer preventative controls and more freedom for the employees. Thus, the need to plan for failure.

Simplify the Complex
Critical Start developed The Defendable Network framework to simplify complex and sometimes confusing approaches like NIST, ISO 27001, and the Cybersecurity Executive Order for Critical Infrastructure. We created a list of 35 Cyber Defense Capabilities for the protection against advanced persistent threats and repeated attacks. This framework is about defending against attacks versus compliance.

Common-Sense Requirements
This approach cost effectively improves security because it allows organizations to prioritize efforts based on budget and available resources. Our prioritized roadmap considers factors like security impact, change to the user experience/business approach, budgets, implementation effort, and operational costs. None of the security frameworks take into account these common-sense requirements. We don’t believe in product roadmaps, but instead focus on security capability that includes process, configuration, and technical controls.

The Defendable Network is an ever-progressing framework updated regularly based on:

  • Changing tactics, techniques, and procedures of attackers (TTP)
  • Shifts in the technology landscape that allow addition of new security capabilities
  • Critical Start experience with real-world clients and penetration testing
  • Client feedback and suggestions
  • Regular review of other industry leading frameworks

The result is a solid, prioritized program for making fundamental computer security defenses a well-understood, repeatable, measurable, and consistent process. The Defendable Network applies to many different kinds of computer attackers, such as malicious internal employees, contractors, individual external actors (hacktivists), organized crime groups (cybercriminals), terrorists, and nation-state actors.

Although our approach will block the vast majority of initial system compromises, nothing will block all attacks. Just as much effort should be applied to detecting already-compromised machines and preventing or disrupting attackers’ follow-on actions. Much of the Defendable Network is dedicated to reducing the initial attack surface by hardening security, identifying compromised machines to address long-term threats inside an organization’s network, restricting lateral movement, and providing comprehensive infrastructure visibility for detection and remediation.

Core Cyber-Defense Capabilities of
The Defendable Network

Prevent Initial Compromise
Reduce the risk of initial compromise and disruption:

  • Minimize the attack surface as much as possible without impacting business operations and user productivity
  • Block known threats to reduce amount of reactive time spent on security

Restrict Lateral Movement
Protect critical assets and information by restricting the lateral movement of attacker

Monitor Infrastructure
Gain visibility needed for quick detection and response to incidents, data, exfiltration, and/or illicit transactions.

Commit to Security Governance
The policies, processes, and resource commitments are the foundation of a security program’s consistent success

THE INSPIRATION FOR THE DEFENDABLE NETWORK

Everyone asks why another framework is required? While there is a tremendous amount of overlap, most of the frameworks do a poor job of allowing an organization to effectively prioritize the different security controls. After seeing many clients struggle to implement a security strategy, we developed the Defendable Network as a mechanism to relay the results of security assessments, penetration testing, and security roadmap engagements. Key inputs to our framework includes some fantastic efforts from people around the world.

  • Top 35 Strategies to Mitigate Targeted Cyber Intrusions by Australian Signals Directorate (ASD). This is the best overall framework in our opinion and is the biggest influencer on the Defendable Network. The Strategies to Mitigate Targeted Cyber Intrusions are ranked in order of overall effectiveness and includes a methodology for prioritization, which is unique for most of the other widely used frameworks.
  • 20 Critical Security Controls by SANS is our second most recommended framework for tactical controls
  • ISO 27001/27002 are highly recommended for building a great security governance program. The ISO standards include a lot of the people/process items that aren’t addressed by SANS and ASD Top 35.
  • National Security Agency/Central Security Service Publication, “Reducing the Effectiveness of Pass-the-Hash”, March 19, 2013.
  • National Security Agency/Central Security Service Publication, “Spotting the Adversary with Windows Event Log Monitoring”, February 28, 2013
  • Security Compliance Manager (SCM) 3.0 that provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practice. http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx
  • US-CERT TARGETED CYBER INTRUSION DETECTION AND MITIGATION STRATEGIES (ICS-TIP-12-146-01B), February 6, 2013. http://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B
  • Critical Start experience with real world clients and penetration testing
  • Client feedback and suggestions
  • Regular review of other industry leading frameworks

Field Offices

Connect With us