One of the biggest pain points in cybersecurity today is knowing where your cybersecurity budget should be spent to defend your business to the greatest effect. Nearly every vendor of cybersecurity software touts ROI numbers and lists the attack vectors it can defend against. These vendors also stress how easy the software is for small teams to implement, given the growing skills gap we continue to see in the cybersecurity industry. There is currently no easy way to determine what’s best in terms of network security investment, but there may be a methodology coming from NIST soon.
Researchers from the US National Institute of Standards and Technology (NIST), Van Sy Mai, Richard La, and Abdella Battou, have been developing a way for businesses to optimize their investment in cybersecurity in order to streamline and minimize the costs of securing networks, recovering from breaches, and repairing the damage afterward. This could potentially help businesses across the country build out the most effective protection and steer investment in cybersecurity in a more holistic way.
The published paper, titled “Optimal Cybersecurity Investments in Large Networks Using SIS Model: Algorithm Design,” describes a way of visualizing the massive sea of Internet of Things (IoT) devices and the vast enterprise networks we’re looking to defend every day through the lens of infection models that mimic the infectious disease models we see applied to pandemics. In the same way that disease can spread more quickly through populations that have a lot of contact, networks are susceptible to outbreaks when many devices are connected and communicating.
“From this viewpoint, it is clear that the underlying networks that govern the interdependence among systems have a large impact on dynamics of the spread of failures or malware infections. Similarly, the topology and contact frequencies among individuals in social networks significantly influence the manner in which diseases spread in societies. Thus, any sound investments in security of complex systems or the control of epidemics should take into account the interdependence in the systems and social contacts in order to maximize potential benefits from the investments.”
Limiting internal network traffic has been at the forefront of cybersecurity for some time, right beside understanding the traffic and log data within. Entire software platforms have been developed for Security Information and Event Management (SIEM) to help visualize and aggregate the activities occurring in real time. Viewing cybersecurity and threat models through the infectious disease models doctors and researchers have already developed can help us build better methodologies for applying things like segmentation and microsegmentation, in the very same way that we use social distancing and isolation to battle disease.
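The effect of segmentation on spread can be seen in a small simulation. The following is an added example, not code from the NIST paper or from this article: it uses the standard mean-field approximation of an SIS model, and the host counts, topologies, and rates are constructed for illustration.

```python
# Added illustration: mean-field SIS spread on two constructed topologies.
# Rates and networks are made-up sample values, not taken from the NIST paper.

def full_mesh(n):
    """Flat network: every host can talk to every other host."""
    return {i: [j for j in range(n) if j != i] for i in range(n)}

def segmented(n, segments):
    """Hosts split into equal segments; each segment is a full mesh and only
    the first host of each segment (its gateway) links to other gateways."""
    size = n // segments
    adj = {i: [] for i in range(n)}
    for i in range(n):
        for j in range(n):
            same_segment = i // size == j // size
            both_gateways = i % size == 0 and j % size == 0
            if i != j and (same_segment or both_gateways):
                adj[i].append(j)
    return adj

def spectral_radius(adj, iters=200):
    """Largest adjacency eigenvalue, estimated by power iteration."""
    x = {i: 1.0 for i in adj}
    lam = 0.0
    for _ in range(iters):
        y = {i: sum(x[j] for j in adj[i]) for i in adj}
        lam = max(y.values())
        x = {i: v / lam for i, v in y.items()}
    return lam

def mean_infected(adj, beta, delta, steps=10000, dt=0.02):
    """Euler-integrate dp_i/dt = (1 - p_i) * beta * sum_j p_j - delta * p_i
    from 50% infected; return the long-run average infection probability."""
    p = {i: 0.5 for i in adj}
    for _ in range(steps):
        p = {i: p[i] + dt * ((1 - p[i]) * beta * sum(p[j] for j in adj[i])
                             - delta * p[i]) for i in adj}
    return sum(p.values()) / len(p)

BETA, DELTA = 0.05, 0.4  # constructed per-link infection and per-host recovery rates

if __name__ == "__main__":
    for name, adj in (("flat", full_mesh(12)), ("segmented", segmented(12, 3))):
        ratio = BETA * spectral_radius(adj) / DELTA  # outbreak dies out below 1
        print(f"{name:10s} threshold ratio {ratio:.2f}  "
              f"long-run infected {mean_infected(adj, BETA, DELTA):.3f}")
```

With the same infection and recovery rates, the flat network settles at a persistent level of infection, while the segmented one falls below the epidemic threshold and the outbreak dies out.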
While the NIST model is just conceptual at this time, it’s still wise to consider investing in a SIEM or XDR solution to monitor your systems for any anomalous behavior. Today’s networks are widespread due to cloud expansion and remote work. Having a single pane of glass to monitor your cybersecurity can improve Mean Time to Respond and reduce attacker Dwell Time significantly. Black Tower Security offers a range of SIEM services. If you’d like help developing your SIEM through our Security through Integrity-based approach, feel free to contact us today.