Defensive regression in cybersecurity


What is defensive regression?

There has been a lot of talk lately about defensive regression in cybersecurity. But what exactly is defensive regression? It's not the regression that Sigmund Freud talks about, although there are plenty of folks that don't act like adults in our industry - long live office ball pits :-).

Perhaps the simplest way to think about defensive regression in cybersecurity is that stuff breaks over time. In the cybersecurity world, there is a lot of stuff and a lot of people intentionally and unintentionally breaking that stuff.

Consider your security infrastructure. Maybe last week it was rock solid, but what about today? What changed? Have your defensive capabilities "regressed" and if so, why? Here are a few culprits that can lead to defensive regression in cybersecurity.

  • Network or system misconfigurations
  • The person that “knew this stuff” left the organization
  • A necessary patch wasn’t added or a patch broke it
  • A process was not being followed, or a bad process was
  • Exploits

Mitigating defensive regression?

Mitigating defensive regression in cybersecurity requires a solution that can safely and continuously validate that your talent, techniques and technology are all working as assumed. More importantly, it means removing the assumptions altogether: instead of assuming, knowing what’s working and what’s not.

Solutions that can effectively mitigate defensive regression in cybersecurity will be able to help you answer the following questions.

  • Am I blocking malicious activity?
  • When I’m not blocking malicious activity, am I detecting it?
  • If I detected malicious activity, how am I responding to it?
  • Am I getting the full value out of my defensive controls like firewalls and SIEMs?
  • Am I using threat intelligence as a lagging indicator or have I personalized and operationalized it?
  • Can I measure what security controls are working and what’s not across my network, endpoints, etc.?
  • Can I create trends to show whether I’m doing better or worse than last week, month or year and, if worse, why I’m experiencing defensive regression?
  • Can I demonstrate the value that the security organization brings to the company?
  • Can I remove guessing from my security management vocabulary?
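The blocked/detected/trend questions above can be answered by comparing the results of the same validation tests from one run to the next. The sketch below is an added example, not part of the original article or any product: the test IDs, control names and outcome labels are constructed, and it assumes each safe validation test records one of three outcomes (blocked, detected, missed).

```python
from collections import Counter

# Outcome ranking: a higher number is a stronger defensive result.
RANK = {"missed": 0, "detected": 1, "blocked": 2}

# Constructed sample data: (test_id, control, outcome) per validation run.
LAST_WEEK = [
    ("T1", "firewall", "blocked"),
    ("T2", "firewall", "blocked"),
    ("T3", "endpoint", "detected"),
    ("T4", "siem", "detected"),
]
THIS_WEEK = [
    ("T1", "firewall", "blocked"),
    ("T2", "firewall", "detected"),   # was blocked last week
    ("T3", "endpoint", "missed"),     # was detected last week
    ("T4", "siem", "detected"),
    ("T5", "endpoint", "blocked"),    # new test keeps the blocked count at 2
]

def rates(run):
    """Fraction of tests blocked, detected only, and missed in one run."""
    counts = Counter(outcome for _, _, outcome in run)
    total = len(run)
    return {o: (counts[o] / total if total else 0.0) for o in RANK}

def regressions(previous, current):
    """Tests whose outcome got weaker between runs, or that stopped running."""
    prev = {tid: (ctl, out) for tid, ctl, out in previous}
    cur = {tid: out for tid, _, out in current}
    found = []
    for tid, (ctl, old) in sorted(prev.items()):
        if tid not in cur:
            found.append((tid, ctl, old, "not_run"))  # lost coverage counts too
        elif RANK[cur[tid]] < RANK[old]:
            found.append((tid, ctl, old, cur[tid]))
    return found

if __name__ == "__main__":
    print("last week:", rates(LAST_WEEK))
    print("this week:", rates(THIS_WEEK))
    for tid, ctl, old, new in regressions(LAST_WEEK, THIS_WEEK):
        print(f"REGRESSION {tid} ({ctl}): {old} -> {new}")
```

In the sample data the number of blocked tests is the same in both weeks, so the summary count alone hides the two controls that got weaker; the per-test comparison is what surfaces them.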

Defensive regression is a topic that I’m happy to be seeing discussed at operational and executive levels within organizations. And it’s one of the underlying security concepts that, if not addressed, prohibit any amount of security spending from making your organization more secure.

Copyright © 2017 IDG Communications, Inc.
