The Rise of the Resilience Revolution: Shifting Defensive Tactics into Offensive Actions

The Resilience Revolution: Embracing Fast and Ever-Evolving Defenses

Published on October 12, 2023

A Transformative Shift in Cybersecurity

In a recent interview at Black Hat USA 2023, Kelly Shortridge, senior principal at Fastly, discussed her research on the resilience revolution and the need for the cybersecurity industry to be more nimble and adaptive in the face of ever-evolving attackers. Shortridge argues that the current approach to cybersecurity, which focuses on preventing attacks, is too slow and reactionary. Instead, she proposes a socio-technical transformation that embraces a mindset similar to that of attackers.

Shortridge defines the resilience revolution as a transformation that empowers security teams to imitate attackers and become faster and ever-evolving in their defenses. She argues that resilience, the ability to prepare for, respond to, and adapt to failure gracefully, is a key characteristic of attackers that many security teams currently lack. To address this, Shortridge suggests a shift from a focus on preventing attacks to one that prioritizes better response capabilities.

Embracing Failure and Learning from Attacks

According to Shortridge, a crucial step in transitioning to an attacker mindset is to move away from blaming human error and instead examine all the factors that contributed to an incident. This requires a deeper understanding of the complex, messy conditions that make failure possible. By taking a holistic view of incidents and avoiding simplistic attributions, security teams can identify systemic issues and improve their response strategies.

Automation as a Tool for Speed and Efficiency

Shortridge emphasizes the importance of automation in building fast and effective response capabilities. By leveraging technologies such as infrastructure-as-code, security teams can update block lists, patch systems on demand, and release security updates quickly. Automation not only improves speed but also enables security teams to minimize the impact of attacks and enhance their ability to fight back.

Borrowing from Attackers: Speed, Experimentation, and Challenging Assumptions

Shortridge believes that security teams can learn from attackers by adopting their successful tactics. Attackers are known for their speed, nimbleness, and their ability to leverage automation. Security teams should embrace these qualities and prioritize experimentation to validate the effectiveness of security controls. Moreover, Shortridge suggests that defenders need to challenge assumptions and proactively poke and prod their systems, rather than relying solely on threat hunting.

Security as a Subset of Software Quality

While the cybersecurity industry faces various challenges such as legacy systems and regulatory compliance, Shortridge believes that the path to resilience is achievable. She suggests viewing security as a subset of software quality, which involves embedding security in the design of systems. By prioritizing solutions that are integrated into the system’s architecture, security teams can reduce manual efforts, improve flexibility, and minimize impact.

The Role of Collaboration and Mindset Shift

Shortridge highlights the need for collaboration between security and software engineering teams to drive the revolution. By aligning their goals and priorities, both teams can work together to modernize systems and design solutions that enhance both reliability and security. She argues that changing the mindset and embracing design-based solutions are key parts of the revolution, and they offer a less risky proposition compared to relying solely on bolt-on tools.

Infrastructure as Code: A Powerful Tool for Automation

According to Shortridge, one automation tool that security teams should consider is infrastructure-as-code. This approach allows the encoding of desired properties into systems, enabling faster incident response, efficient change control, and minimization of misconfigurations and environmental drift. Infrastructure-as-code provides security teams with a powerful tool that aligns with the resilience revolution’s goals of speed, flexibility, and adaptability.

Editorial

The resilience revolution proposed by Kelly Shortridge presents a thought-provoking approach to cybersecurity. In an era where attackers are constantly evolving their tactics, security teams must adapt and become more agile. The current focus on prevention alone is no longer sufficient in combating the sophisticated threats that organizations face today.

Shortridge’s emphasis on embracing failure and learning from incidents is a fundamental shift in mindset. Instead of blaming individuals, security teams must take a systemic and holistic view when evaluating incidents. By doing so, they can identify underlying issues and improve their response strategies.

The use of automation and infrastructure-as-code as tools for faster and more efficient incident response is also a welcome development. Speed is often viewed as a detriment in cybersecurity, but by embracing it, security teams can release security updates and fixes quickly, minimizing the impact of attacks.

Challenging assumptions and experimenting with security controls are essential aspects of the resilience revolution. Attackers constantly test their methods, and defenders need to adopt a similar mindset to proactively identify vulnerabilities and weaknesses in their systems.

To fully realize the resilience revolution, collaboration between security and software engineering teams is essential. Breaking down silos and aligning goals will enable the modernization of systems and the embedding of security principles in their design.

While the implementation of the resilience revolution may present challenges, it is an achievable goal. By emphasizing security as a subset of software quality and prioritizing design-based solutions, organizations can build resilient systems that can adapt and respond effectively to emerging threats.

Advice: Moving Towards Resilience

For organizations looking to embark on the resilience revolution, several steps can be taken:

1. Embrace a mindset shift:

Move away from a focus on prevention and start prioritizing the ability to respond and adapt to incidents gracefully. This requires accepting that attacks are inevitable and focusing on minimizing their impact.

2. Foster collaboration:

Encourage collaboration between security and software engineering teams. Align goals and priorities to modernize systems and embed security principles in the design of new solutions.

3. Adopt automation tools:

Leverage automation technologies such as infrastructure-as-code to speed up incident response, enhance change control, and minimize misconfigurations. Automation can significantly improve the agility and effectiveness of security teams.

4. Challenge assumptions:

Proactively challenge assumptions within your security strategy. Regularly test and experiment with your security controls to ensure their effectiveness against evolving threats.

5. Learn from attackers:

Study the tactics used by attackers and adopt their successful strategies. Embrace speed, nimbleness, and experimentation as key principles in your defense strategy.

6. Prioritize security within software quality:

View security as an essential component of software quality. Embed security principles into the design of systems, ensuring that security is not an afterthought but an integral part of the development process.

By following these steps, organizations can position themselves at the forefront of the resilience revolution, better prepared to face the ever-evolving cybersecurity landscape.
