The Challenge of Limited Resources in Cybersecurity
As technology evolves, so do the challenges that information security professionals face. One of the primary challenges is increasingly limited resources, including money, human capital, and tools. The need to do more with less often leaves security teams struggling to keep up with emerging threats. Organizations face a list of exposures needing remediation that grows every hour, which makes it almost impossible for them to get ahead of the risks.
According to research by Cisco, over 75% of organizations have more than one in four assets that can potentially be exploited. Similarly, based on internal research on 60 million exposures and thousands of attack paths, organizations typically have over 11,000 security exposures that attackers can exploit. Large organizations can have up to 200,000 exposures.
A Remediation-Centric Approach
Despite the overwhelming number of exposures that organizations face, it’s crucial to take a more targeted approach when addressing cybersecurity risks. Instead of attempting to remediate all exposures, organizations can be more focused by stopping attackers at choke points. Choke points are specific locations that attackers must pass through before reaching a critical asset. By defending these choke points, companies can reduce the number of exposures that require remediation.
Choke Points in Cybersecurity
The concept of choke points has been used in military tactics for centuries as a way to delay enemy forces. In cybersecurity, teams can defend locations that attackers must traverse. By reducing 11,000 exposures to only a few hundred, defending choke points can be a proactive approach to mitigating cyber risks.
Mapping Your Environment
A security team cannot focus its efforts if it does not know precisely where to defend. Mapping out the organization’s assets and the most common attack paths is essential. Research has identified that attackers often target credentials and permissions, and that Active Directory attacks are prevalent blind spots. Active Directory has a vast attack surface and can be daunting to understand. Microsoft has several resources to help organizations better understand and mitigate Active Directory attacks.
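Once assets and attack paths are mapped, choke points can be computed rather than guessed. The following is an added example, not part of the original article: it takes the strict reading of a choke point (a single node whose defence cuts every path from the entry points to the critical asset), and the graph, node names and exposure counts are all constructed for illustration.

```python
from collections import deque

# Constructed attack graph: an edge A -> B means an attacker on A can move to B.
ATTACK_GRAPH = {
    "phishing-laptop": ["file-server", "helpdesk-account"],
    "vpn-gateway": ["jump-host"],
    "file-server": ["helpdesk-account"],
    "jump-host": ["helpdesk-account"],
    "helpdesk-account": ["domain-admin-group"],
    "domain-admin-group": ["domain-controller"],
    "print-server": ["file-server"],
}
ENTRY_POINTS = ["phishing-laptop", "vpn-gateway"]
CRITICAL_ASSET = "domain-controller"
# Constructed count of open exposures per node (assumed scanner output).
EXPOSURES = {"phishing-laptop": 14, "vpn-gateway": 6, "file-server": 22,
             "jump-host": 9, "helpdesk-account": 3, "domain-admin-group": 2,
             "print-server": 31, "domain-controller": 4}


def reachable(graph, entries, target, blocked=None):
    """BFS: can any entry point reach target when `blocked` is defended?"""
    seen = {e for e in entries if e != blocked}
    queue = deque(seen)
    while queue:
        node = queue.popleft()
        if node == target:
            return True
        for nxt in graph.get(node, []):
            if nxt != blocked and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def choke_points(graph, entries, target):
    """Nodes whose defence alone cuts every path from entries to target."""
    if not reachable(graph, entries, target):
        return []  # no attack path exists, so nothing to prioritise
    nodes = set(graph) | {n for outs in graph.values() for n in outs}
    return sorted(n for n in nodes - {target}
                  if not reachable(graph, entries, target, blocked=n))


if __name__ == "__main__":
    points = choke_points(ATTACK_GRAPH, ENTRY_POINTS, CRITICAL_ASSET)
    print("choke points:", points)
    print("exposures on choke points:", sum(EXPOSURES[p] for p in points),
          "of", sum(EXPOSURES.values()))
```

In this constructed graph the print server carries the most exposures yet is not a choke point, while the two identity nodes that every path converges on carry only a handful.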
Shifting the Mindset
The approach to cybersecurity needs to shift from a visibility-centric to a remediation-centric approach. This may require a shift in mindset, but it will allow organizations to work more efficiently, reduce the workload on IT and security teams, and mitigate risks optimally.
Editorial
The rapid expansion of digitization has created an environment where new cyber threats emerge as quickly as the security patches that can mitigate them. The continuous need for investment in cybersecurity makes it challenging for many organizations to allocate resources properly. Given limited resources and an ever-growing threat landscape, it is prudent to focus cybersecurity resources and efforts on choke points. The idea of securing choke points in networks is not new, but its pragmatic implementation in modern networks helps reduce the number of exposures that require remediation, saving time, resources, and effort.
Advice
Cybersecurity threats are increasing at an unprecedented rate, and the need to protect networks, systems, and data has never been greater. Organizations with limited resources should prioritize security efforts by identifying choke points in their networks. These choke points are specific locations that attackers must pass through before accessing critical assets. By understanding them, organizations can focus on identifying and mitigating vulnerabilities at these specific locations, significantly reducing their exposure to potential threats while making optimum use of resources.
<< photo by Mihály Köles >>