2012 was jam-packed with network breaches and 2013 will be no different. It’s important to learn and understand new attack methodologies and take a proactive approach to defuse these threats. In this blog post we’ll share a few simple formulas to reduce risk, comply with regulations, and harden your systems against cybercrime.
The first formula is based on U.S. military basic war tactics and is called the four Ds. They are:
1. Detect – awareness of a threat
2. Deter – preempting exploitation
3. Defend – fighting in real-time
4. Defeat – winning the battle!
The second formula is well known in network security circles and is called the “Risk Formula”:
R = T x V x A
(R)isk = (T)hreats x (V)ulnerabilities x (A)ssets
So, to fully understand your risks, you need to deal with:
Threats = Cybercriminals, malware, malicious insiders
Vulnerabilities = Weaknesses that threats exploit
Assets = People, property, your network, devices, etc.
Now, let’s put these two formulas together—the 4Ds and the Risk Formula—to build a more proactive, next-generation defense:
4Ds x R = [4Ds x T] x [4Ds x V] x [4Ds x A]
Using the 4Ds with the Risk Formula:
- Threats need to be detected, deterred, defended against, and defeated in real-time or expect downtime.
- Vulnerabilities need to be detected, deterred, defended against, and defeated (i.e. removed by system hardening, reconfiguration, patching, etc.) as quickly as possible or expect to be exploited.
- Assets need to be controlled—which ones gain access to your network/infrastructure and those that are trusted but weak or infected need to be quarantined in real-time or expect malware propogation.
You’ll never be 100% secure, but you can dramatically reduce your risk and proactively defend your organization by containing and controlling threats, vulnerabilities, and assets.