Conventional approaches to security architecture focus on hardening systems against attack. The implicit expectation is that, once deployed, it is the system’s responsibility to block all attacks against it. However, systems that rely strictly on hardening cannot learn from, or adapt themselves to, changes in attacker techniques, capabilities, and objectives over their lifecycle. Nor can they address the reality that attackers occasionally succeed. The ongoing efforts of sophisticated adversaries, including the Advanced Persistent Threat (APT), require systems that can be actively defended in an equally sophisticated manner. An intelligence-based model that builds an understanding of attackers from a variety of intelligence sources, including their interactions with the system itself, enables defenders to adapt to and anticipate changes in adversaries’ attacks.
Defendable Architectures describe an alternative approach to system architecture by explicitly designing, implementing, and maintaining systems to support Intelligence Driven Defense® practices. The result is a virtuous cycle of greater visibility into systems to gather intelligence, faster translation of intelligence into defensive measures, and more effective deployment of those measures into the system’s security controls. Moreover, threat intelligence can be leveraged when building systems to ensure their design is well adapted to current and emerging threats. This concept is also extended to the enterprise as a whole, describing how organizations can plan and deploy their systems and infrastructure with Intelligence Driven Defense in mind.
Applying this approach, organizations can build systems that are resilient to cyber attacks, and create system designs that are resilient to changes in attackers’ techniques and objectives. Defendable Architectures provide an approach for creating systems that can be defended against attack, survive compromise, and adapt to adversary changes.