Confronting increasingly complex and widespread cyber-attacks
Cyber-attack strategies have grown increasingly sophisticated over the last few years. Attacks are no longer isolated, one-off attempts; they are now multi-pronged, coordinated events. However, this new type of threat can be contained by implementing adapted and responsive corporate security surveillance systems. This is a prerequisite for any kind of cyber-defence policy.
When it comes to IT system protection and security, decision-making capacity is crucial for companies. Speed, in particular, is of the essence. This implies that the nature of the risk, its possible ripple effects and its damage-inflicting capacity must be properly identified, diagnosed through data analysis, and characterised upstream of the attack. For further information, see: Metrics. Various SIEM (Security Information and Event Management) tools and software applications are currently available on the market to implement a suitable, sufficiently agile and prompt response. These can not only detect potential threats simultaneously and instantaneously, but can also configure and automate the defence routines best adapted to the nature of the incoming attack. This is where difficulties can arise in complex systems, where conflicts may appear. In other words, the responses of different sub-systems may come into conflict when faced with an attack or a “security event”. Different ways of resolving these conflicts have to be found by analysing the available hypotheses and options. Security managers therefore have no choice but to anticipate the conflicts by defining an ad hoc crisis management methodology which can not only contain the attack, but also manage the conflict and preserve network integrity, while attempting to ensure at least some kind of continuity of service.
Confronting and responding effectively to increasingly sophisticated cyber-attacks
Since it was founded, the Institut Mines-Télécom’s Cybersecurity Chair has specialised in the definition and implementation of security event remediation solutions, in particular in business contexts. Its research focuses on two main areas: transitioning from centralised, sequential processing to parallel, distributed processing; and activating effective post-data-analysis responses, suitably configured to deal with the intrusions, while ensuring continuity of system security. The Cyber CNI research team has focused more specifically on various techniques that can be implemented to dynamically update corporate and institutional IT security policies. On a more detailed level, this means developing a “security intelligence” that can perform real-time data analysis and adapt to environmental evolution and change, if need be by enabling or disabling degraded modes. The team’s work consists of describing, modelling and developing the technical response required to implement the proposed solutions. All the cyber-defence response and optimisation work undertaken by the Cyber CNI research team is backed up by experimental case study validation in partnership with client companies, as is all the work conducted on Analytics and Metrics. All critical infrastructure businesses are particularly vulnerable to specifically targeted, multi-pronged, coordinated security events.