Many professionals assume that a permanent state of ‘total cyber security’, with a continuous 100% protection guarantee, is impossible. Therefore, the effort must be directed towards designing digital security schemes that are as efficient as possible. This, in turn, minimises problems and incidents, making it extremely difficult for hostile actors to cause such problems and occurrences.
Constant digital surveillance defence systems, assembled on the basis of the services provided by a Security Operations Centre (SOC), have been consolidated over time as effective tools for guaranteeing certain acceptable minimum levels of security. Through use of these systems, continuous protection of an organisation against catalogued and known threats is maintained over time, alerting the organisation to the threat as soon as possible.
SOC systems are improving and strengthening their defensive capabilities to stop threats, as well as streamlining their reactive and warning capabilities so that the impact of digital incidents on organisations is reduced. This means less damage, and it means that improved security solutions are reached in a shorter period of time. Cybersecurity systems based on SOC schemes have therefore reached a significant level of efficiency as a reactive mode: threats are monitored and stopped, and when an incident materialises, the SOC responds to neutralise it.
In a more advanced stage of development, the SOC model has been incorporating proactive capabilities into its tasks with the general idea of ‘establishing the cyber security line of defence as far away as possible from the perimeter of the organisations’, thus making it more complicated for an attacker’s threat to materialise. This is a stage in which active searches for threats already take place, although the purpose of detection is maintained in order to neutralise and defend in an essentially reactive manner.
A CDS (Corporate Digital Surveillance)-type solution such as the one designed by TARLOGIC, does not intend to replace the SOC model, nor compete with it. Rather, it intends to provide extra security against all risks and threats that have a potential negative impact on the business, given that the SOC does not provide sufficient coverage against all these risks and threats. Consequently, the CDS approach operates with a vision of security that has a very important, but not exclusive digital dimension. This involves integrating analytical and research capabilities focused on the human factor of risks and threats as well. It is a proactive approach, with automated and manual tasks aimed at getting as close as possible to the threat and interacting with it in order to better understand it, prevent it and/or prepare for it.
The CDS solution is designed and oriented to cover the integral security needs of the business and is adjusted in each case (economic sector, size of the company, growth phase in which the organisation finds itself, etc.) to the required security demand. The solution weighs up together with the client/decision-maker, each of the aspects of this security on the basis of a modular response. It is not a question of building a powerful and generalist security system valid for some cases and invalid for others. It is more a question of arriving at the solution as each organisation needs it according to the security needs of its business activity, specifically and exclusively using the modules that are appropriate and well prepared.
For better performance of these proactive threat search modules and enhanced interaction with them, we must stay well informed of the organisation’s ‘Threat Map’. This is to ensure that the system’s capabilities are directed specifically at these threats. Using these Threat Maps, credible scenarios of specific threats will be prepared for each organisation, together with the decision-making client. The CDS solution will be assembled based on the best use of each security module and the type of modules required to cover and secure the business against all the negative impact exposures that have been listed.
Each of these modules includes the execution of digital and other operational and analytical tasks to cover, in a comprehensive manner, all risks and threats that may impact the business of the organisation at any given time. The interaction with the threat includes the use of tactics, techniques and procedures that replicate those used by hostile actors, as well as tracing the evolution of the threat over time and studying the motivation that has led the actor to act. All these tasks also allow the organisation to generate its own defensive narrative to counteract the non-digital part of attacks, such as reputational or sponsored attacks (customers, competitors, etc.). These can have a negative impact on the business and are generally covered only partially by traditional cybersecurity architectures. This proprietary narrative also ends up being incorporated into the organisation’s plans and strategies.
The CDS solution is not an alternative to the SOC. The SOC permanently maintains a certain level of perimeter cybersecurity while the CDS looks for (and proactively interacts with) the threats marked by its Threat Map and the most plausible scenarios in which they can be realised. In this sense, the CDS is the complement that allows the SOC to receive information about risks and threats in advance, through which it can then focus its surveillance, temporarily or permanently, as well as prioritise resources or distribute defence tasks as and when these risks and threats are outlined.
CDS-type security solutions offer high value and very good performance, especially in organisations that regularly have to protect several vulnerable systems from a wide range of external actors (many clients, a wide and varied number of suppliers, etc.). They are also useful in economic sectors where the reputation of the business is an essential and strategic asset to be protected.