Review: Advanced Persistent Security
About the authors
Ira Winkler, CISSP, is President of the Internet Security Advisors Group. He is considered one of the world’s most influential security professionals.
Araceli Treu Gomes is an Intelligence and Investigations Subject Matter Expert for CrowdStrike. She serves on several cybersecurity industry boards.
Inside Advanced Persistent Security
As businesses are finally beginning to realize that their cyber defenses can and will occasionally fail and, therefore, must continually evolve, this book couldn’t be more topical.
By Advanced Persistent Security, the authors mean a process of constant examination of potential incidents and attacks and the tweaking of cyber defenses to protect against them – a dynamic environment that mimics the constant change of Advanced Persistent Threats. The book addresses protection, detection, and reaction, and is based on the premise that a comprehensive security program is a living program.
The authors explain how defenders need to be proactive, not by mounting random defenses before even being aware of a specific attack, but by constantly preparing to react to an expected occurrence. They advocate knowing things like kill chain basics, so that defenders can engage earlier in the attack cycle, and concentrating on preventing attackers from achieving their goal (and not just setting up supposedly impenetrable defenses).
They also explain risk and risk management very well, and why risk optimization is crucial when making the right decisions about defense.
The authors differentiate between malignant (e.g. human error, unreliable technical infrastructures, etc.) and malicious threats (e.g. active adversaries), and find that defenders focus way too much on the latter, while the former can result in bigger damage and losses.
When it comes to protection, they explain, in detail, why good governance is the basis of a successful security program, and why organizations need to identify and address the various physical, technical, operational, and personnel vulnerabilities – and how. An extensive chapter is dedicated to the technologies and policies that can be implemented to counter each of these vulnerabilities, and another one to the one countermeasure that encompasses many of those noted: creating a culture of security within the organization.
The section about detection talks about how to determine what is to be detected and where defenders need to look for indicators of intrusion, which things to ignore, and about the importance of making everyone in the organization part of the security team (i.e. be on the lookout for unusual activities, know how to react to them, and report them).
Finally, in the “Reaction” section, they explain the need for defining a reaction strategy, setting up an incident response team, and creating the right metrics for evaluating the success of the various elements of the security program.
The authors stress the importance of knowing your organization and what security measures it needs, as well as knowing your adversaries. The last few chapters will help readers address the creation of a security program in a methodical way.
Final thoughts
No protection can ever be perfect, but risk reduction should be attempted, and detection should be in place when protection fails, so that organizations can react appropriately.
This book is not overly technical, nor detailed. Instead, it provides those who are tasked to implement an organization’s security strategy with an easy-to-follow plan of action to cover – and keep covering – all their bases.