What is Cyber Resilience and how can you achieve it?

Self-Healing: The only true resilience

Written by Ray Powell
Channel Director for EMEA – Absolute

As the cyberthreat landscape darkens each day, the term, cyber resilience is increasing in importance.

A cyber resilient company is in the best position to prepare for, respond to, and recover from a cyberattack. Being resilient, however, means much more than attack prevention or response. A cyber resilient enterprise can continue to function during an attack and is agile enough to adapt and recover from the incident.

While a protection-focused approach may have worked in the past, today’s enterprise must now move to adopt a strategy that is based more on endpoint resilience which, beyond protection, emphasises adaptability, exposure reduction, information gathering and discovery.

Cyber resilience transcends technology and can protect the interests of everyone involved, including the C-suite, staff, shareholders, and the board of directors.

Resilience comes down to having a self-healing capability. Think of it this way: if your company must rely on an external source to resurrect you, then you can’t call yourself resilient. Only those organisations with a self-healing property (being able to recover without human intervention) can be truly classified as resilient.

Ultimately, if the organisation has its eye on becoming more resilient, then it must incorporate technologies with the capacity of self-healing. Running around putting things back together isn’t the preferred state of a resilient enterprise.

SELF-HEALING: THE ONLY TRUE RESILIENCE

In the hardware world, we buy and deploy redundant systems: multiple firewalls, routers, switches, clouds, and cables. We do this because we expect our hardware defences to fail; there’s even a name for it: “failover”. The other term used often is High Availability, which just means more hardware deployed for failover.

In the software universe, the equivalent is resilience. But unlike hardware, you can’t just have clones of the same tools, controls, apps, and agents that play understudy to the primary control. When the primary control fails, the clone steps into the spotlight is not an idea that exists with software.

So, enterprises need to rely on resilient software controls, apps, and agents. But the only way you can claim you are resilient is if you have a self-healing capability. Without it, you don’t have the replacement, so there is no failover. It’s a crack in your security fabric.

IT ALL STARTS WITH A FRAMEWORK

While this resiliency may sound daunting and difficult to achieve, thankfully there is an existing framework from which the enterprise can leverage to improve their resiliency. The NIST Cybersecurity Framework (NIST CSF) outlines specific actions that organisations can perform to see success in their cyber security programs.

The five pillars or actions of the NIST CSF are:

IDENTIFY

Identify each endpoint for a comprehensive inventory
Identify authorised and unauthorised hardware and software
Prioritise endpoints based on classification, criticality, and business use
Benchmark device controls against security standards and policy
Quantify risk based on device vulnerabilities and exposures
Catalogue device, data, user, and application relationships across the end point population

PROTECT

Gain physical access control and geofencing for distributed endpoints
Freeze, delete, and wipe devices through remote commands
Enable secure remote access systems (e.g. VPN) on all endpoints
Validate and restore encryption for at-risk data
Automate validation for data integrity in software, firmware, and cloud storage apps
Control communication from endpoints to the corporate network or domain
Authorize telemetry analysis and remote command for maintenance and repair

DETECT

Establish baseline behaviours for users, data, devices, and applications
Unify asset intelligence across the device population
Monitor user activity and enforce role-based security controls
Score high-risk users with access to sensitive data
Access geo-tracking and user-device awareness
Detect and log configuration changes

RESPOND

Utilize dynamic remediation and control changes
Perform role-based access control for in-console response commands
Deliver continuous device logs and forensic documentation
Isolate a device or group of devices for containment
Push control changes to prevent spread of detected compromise
Command hotfixes to mitigate indicators of exposure (IOEs)

RECOVER

Enforce policies within device controls
Monitor device use and locally accessed sensitive data
Control incident investigations, digital forensics, and documentation
Augment and push new controls for endpoint hygiene
Access documentation instantly for continuous improvement to endpoint hygiene and data protection

A BLUEPRINT FOR RESILIENCE

Each focal point of the NIST CSF is designed for resilient cyber defence and protection and aims to ensure data confidentiality, integrity, and availability. Much of the work that’s needed to be resilient is simply doing the basics: patching, strong authentication, control monitoring, etc.

What’s practical about something like NIST CSF (or CIS Top 20 or ISO or any others for that matter) is that it is a blueprint. Just like a blueprint to a building, the CSF is like having the architect’s plans for a well-engineered structure.

With NIST in particular, the goal is resilience —especially in the protect and recover sections. The Protect (initial resilience) and Recover (learn and grow more resilient) steps are emphasised as the target/goal.

Learn more about Absolute Persistence technology.

Learn more

What is Cyber Resilience and how can you achieve it?

Read more insights…

TOUGHBOOK Cardiff Service and Solutions Centre Innovates at Speed

Empowering Field Workers: The Role of AI in Modern Mobility

Adventure runner completes never-before-seen expedition with a rugged laptop as his only personal item

Driving Digital Innovation In Fire Services at Airbus SAFEcommand