Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to talk about using an adversarial mindset when planning a cybersecurity strategy, or when trying to understand more about how adversaries work. For those that may not be familiar with the term, an adversary as defined by the Oxford dictionary is “one’s opponent in a contest, conflict, or dispute.” So, this discussion is about how to strategize your cybersecurity posture with your opponent in mind.
Isn’t that what we already do? I mean, the whole idea behind protecting confidentiality, integrity, and availability is to prevent our opponents from harming any of those. Adversarial thinking, however, presumes your adversary, or opponent, is already inside your environment rather than just trying to get in. Would that change your approach to security?
Think about it. Let’s use a house as an analogy here. You are trying to keep things in your home safe, but the adversary is already inside. Is every room accessible once you get into the house? Or, since you are planning this strategy with the adversary in there already, would you ensure that even internal doors are secured?
Adversarial thinking closely aligns with the NIST publication we discussed a few weeks ago, NIST Special Publication 800-207, Zero Trust Architecture. Again, thinking about your environment with an already-present adversary in mind helps bring the topic of zero trust into better focus. Once you are in the environment, it really shouldn’t matter; you will need to authenticate everywhere you attempt to gain access.
Adversarial thinking can also help you prepare for the unknown. Not completely, mind you, since no one can truly guess what an adversary will precisely do, how they will act, or where they will move next. Thinking like the bad guy can help expose gaps and can help guide security professionals toward areas that might not have been considered previously, which helps the overall organization strengthen its security posture.
Ok, so we now know what adversarial thinking is and how it will help, but how do you do it? How does one think like a threat actor? Well, again, like many things we have discussed throughout the various TomCasts, there is no one way to do that. Think of your organization’s critical business objectives. What does your organization need in order to fulfill its goals? If you know what those objectives are, and what services are in place to ensure those objectives are met, what would it take to interrupt those services? How would you go about it?
Again, it is merely turning the table around and putting yourself into the mindset of the attacker. What are you, the attacker, trying to accomplish? Service disruption? Data theft? Information harvesting? For an adversary that is already inside the environment, how easy would it be to accomplish these things? Does your organization have the necessary security measures in place to thwart an attack of this nature, or does it need to bolster its posture with tools or techniques to ensure the attacks are unsuccessful?
GuardSight is a managed security services provider that employs adversarial thinking in their daily operations, as they deal with threat actors on a daily basis. They are familiar with how many threat actors work, how many organizations have been breached or compromised, and they use this knowledge when threat hunting and protecting data, assets, and endpoints. So, if you have a question on how to employ adversarial thinking and want to learn more, reach out to the folks here at GuardSight. They would be very happy to help you!
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight can do for you, head on over to www.guardsight.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!