DRJ | The premiere resource for business continuity and disaster recovery

Is Local Validation and Verification Enough When Assessing Potential Cyber Attacks?

The ability to proactively monitor and scan a production environment for signs of malicious activity has improved dramatically as detection tools and techniques have become more sophisticated and more widely available. These capabilities, combined with more frequent backups and remotely isolated copies of systems and data, provide a strong defense against disruption by known threats that could compromise a business.

But is this enough? How are we protecting against unknown, future attacks that may be hidden from view and go unnoticed for extended periods, until they are triggered and severely impact operations?

For the most part, beyond the standard security controls for continuous monitoring of the production environment, cyber resilience is defined as a process that ensures adequate backups or point-in-time copies of the data are captured frequently and sent to an isolated, remotely managed environment separated from the primary production site. These 'protected copies' are critical when an intrusion is encountered: they are used in responding to the attack and are required to rebuild the infrastructure and/or repopulate data that has been corrupted or compromised.

But what happens if the remote copy, a near or exact duplicate of the production site, has also been affected, with the intrusion unknowingly propagated to the protected environment as part of the regular backup or replication process? A dormant implant, a modified system binary or an unauthorized scheduled job that is present in production at backup time is faithfully carried into every subsequent point-in-time copy, so the copy an organization restores from may be no cleaner than the environment it is trying to replace.

Adding an enhanced security monitoring and scanning capability within the remotely stored, isolated environment greatly improves the depth of forensics available to protect against cyber-attacks. Creating a custom, isolated sandbox for cyber analysis allows more extensive forensic techniques to be deployed against the protected copies themselves, to assess whether new or unknown entities that may pose a future threat to the environment are present.

An isolated sandbox for cyber analysis would:

  • remove the concern of installing additional, potentially intrusive technology in production in order to perform deeper analysis
  • reduce any overhead or performance impact on production
  • provide an environment for forensics during an actual cyber-attack, letting non-impacted production continue to run while diagnostics are executed and repairs are initiated
  • introduce the ability to run 'what if' scenarios within the environment, comparing each protected copy against a protected baseline to detect anomalies
  • position cyber resilience for future artificial intelligence deployment, facilitating real-time learning with action-based recommendations for resolution
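The two ideas above, that an intrusion present at backup time is carried into the protected copies, and that the isolated environment should check each copy against a protected baseline, can be shown concretely. The following Python is an added example written for this page, not code from the DRJ post or any product it describes. It assumes each point-in-time copy can be represented as a mapping of file path to file contents (a real implementation would walk a mounted, read-only copy); the 'golden image' and the three nightly copies are constructed sample data, and the /etc/cron.d/update job and the replaced sshd binary in them are hypothetical.

```python
"""Added example (not from the DRJ post): checking point-in-time copies
against a protected baseline inside an isolated analysis environment."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Snapshot = Dict[str, bytes]   # path -> file contents of one copy (assumed representation)
Manifest = Dict[str, str]     # path -> SHA-256 hex digest


def build_manifest(snapshot: Snapshot) -> Manifest:
    """Hash every file in a copy. The baseline manifest is built once from a
    trusted image and kept in the isolated environment, never in production,
    so an attacker with production access cannot re-baseline it."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in snapshot.items()}


@dataclass
class Drift:
    added: List[str] = field(default_factory=list)
    modified: List[str] = field(default_factory=list)
    removed: List[str] = field(default_factory=list)

    def is_clean(self) -> bool:
        return not (self.added or self.modified or self.removed)


def diff_against_baseline(baseline: Manifest, manifest: Manifest) -> Drift:
    """Classify every path as added, modified or removed relative to the baseline."""
    drift = Drift()
    for path, digest in manifest.items():
        if path not in baseline:
            drift.added.append(path)
        elif baseline[path] != digest:
            drift.modified.append(path)
    drift.removed = sorted(p for p in baseline if p not in manifest)
    drift.added.sort()
    drift.modified.sort()
    return drift


def last_clean_copy(baseline: Manifest, copies: List[Tuple[str, Snapshot]]) -> Optional[str]:
    """Walk the copies (ordered oldest to newest) from newest to oldest and
    return the label of the first one showing no drift: the restore point a
    responder can rebuild from. None means every retained copy is suspect."""
    for label, snapshot in reversed(copies):
        if diff_against_baseline(baseline, build_manifest(snapshot)).is_clean():
            return label
    return None


def analyse(baseline_snapshot: Snapshot, copies: List[Tuple[str, Snapshot]]):
    """Drift report per copy plus the newest clean restore point."""
    baseline = build_manifest(baseline_snapshot)
    report = {label: diff_against_baseline(baseline, build_manifest(snap))
              for label, snap in copies}
    return report, last_clean_copy(baseline, copies)


# Constructed sample data: a three-file 'golden image' and three nightly copies.
# The persistence job and trojaned binary below are hypothetical illustrations.
GOLDEN: Snapshot = {
    "/usr/sbin/sshd": b"ELF-sshd-v1",
    "/etc/crontab": b"0 2 * * * root /usr/local/bin/backup.sh\n",
    "/etc/passwd": b"root:x:0:0::/root:/bin/bash\n",
}
IMPLANT_JOB = b"* * * * * root /tmp/.u\n"
COPIES: List[Tuple[str, Snapshot]] = [
    ("night-1", dict(GOLDEN)),                                          # identical to baseline
    ("night-2", {**GOLDEN, "/etc/cron.d/update": IMPLANT_JOB}),         # new scheduled job appears
    ("night-3", {**GOLDEN, "/etc/cron.d/update": IMPLANT_JOB,
                 "/usr/sbin/sshd": b"ELF-sshd-trojaned"}),              # system binary replaced
]


if __name__ == "__main__":
    report, clean = analyse(GOLDEN, COPIES)
    for label, drift in report.items():
        print(label, "clean" if drift.is_clean() else drift)
    print("last clean copy:", clean)
```

Run against the sample copies, night-2 already shows the added cron job and night-3 additionally shows the modified sshd, so night-1 is reported as the last clean restore point even though production looked healthy every night. In practice the baseline comparison is applied to the system and configuration tier of a copy (binaries, scheduled jobs, account files), since application data is expected to change between copies; the point is that the comparison runs in the isolated environment, against a baseline that production cannot alter.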

Continuous scanning and monitoring of the production site will continue to evolve and deliver better results in protecting the business. Coupled with more advanced techniques for capturing and safeguarding systems and data at a remotely secured site, these capabilities will undoubtedly increase overall cyber resiliency. Introducing a secondary validation and verification capability, in the form of an isolated environment that permits more sophisticated and strenuous analysis of the protected copies themselves, is the next step in the evolution towards a more complete and thorough cyber resilience strategy and design.

