Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Management & Strategy

The Art of (Cyber) War: How Adversarial Thinking Strengthens Cybersecurity

Cybersecurity is unique compared to most other business operations, even most IT operations. Unlike marketing or network management—both of which tackle difficult and ever-changing challenges in the business operating environment—cybersecurity pits defenders against intelligent, creative and deliberate opponents. 

Cybersecurity is unique compared to most other business operations, even most IT operations. Unlike marketing or network management—both of which tackle difficult and ever-changing challenges in the business operating environment—cybersecurity pits defenders against intelligent, creative and deliberate opponents. 

Hackers are aware that they are actively hunted and thwarted at every step between target scoping and data breach. That means they are applying the full brunt of their ingenuity and technical expertise to avoid cybersecurity defenses as they pursue their goal.

Even though this struggle takes place in cyberspace, the lessons from real battlegrounds retain their relevance and significance. In the ancient military strategy text, Art of War, Sun Tzu makes the point “If you know the enemy and know yourself, you need not fear the results of a hundred battles.”

Cybersecurity teams need to adopt an adversarial mindset that allows them to tackle the unique challenges of the cyberspace. This involves clearly understanding what their enemies are capable of and preparing an appropriate response.

Communication and visibility

The most valuable weapon on the battlefield is information about your team and their current state as well as your enemy. “If ignorant both of your enemy and yourself, you are certain to be in peril.”  This holds true in reverse as well. Hackers want to know as much about your networks as they possibly can. 

The first step in a targeted cyber-attack is recon. By scanning public facing systems, hackers can learn a great deal about an organization’s IT infrastructure, including potential vulnerabilities. Once they have made their way onto the system, a hacker’s first priority is to establish a persistent connection that allows them to maintain visibility into the network they have infiltrated.

Advertisement. Scroll to continue reading.

As a result, the first priority of a cybersecurity team needs to be cutting off communication between their systems and hackers. This is especially true for botnets or cryptojacking malware in which the main benefit to hackers relies on sustained, two-way connections to the infected devices to leverage their computing power for DDoS attacks or mining cryptocurrency. 

It is also important for cybersecurity teams to have visibility into their networks to understand what normal behavior is and what could be driven by hackers. It is easy for hackers to slip onto networks through unmonitored open ports or by infecting third-party devices that have access to internal networks if cybersecurity teams are watching them closely. By developing a strong understanding of the digital assets connected to the corporate network, cybersecurity teams can better protect themselves against threats targeting devices they are not regularly monitored. 

At a higher level, cybersecurity teams need to know the current state of cyberspace, i.e. the latest malware, vulnerabilities and exploits in use by hackers so that they can better protect their systems. Monitoring and installing security patches to the systems they use on a regular basis significantly improves their defenses against these threats. They can also ensure that their malware defenses recognize and stop malware if they are consistently checking for new developments. This is easily achieved by monitoring new research from respected threat research teams or by joining an information sharing group that monitors threats relevant to that team’s industry.

Implement elite training 

Cybersecurity skills are a constantly moving target that require continuous training.  Hackers have a lot of bots at their disposal and a lot more IT appliance features they can exploit.  Cybersecurity is a multidisciplinary field requiring comprehensive knowledge of computer network and systems, understanding the differences in IT/security architectures, and, of course, people and social engineering. It is a profession that requires continuous updates and training against the latest tools and techniques. 

Militaristic philosophies of train, train, train against realistic opponents are necessary. “Victory usually goes to the army who has better trained officers and men.” By providing exposure to realistic situations that can arise during a cyber-attack, organizations can better prepare their cybersecurity teams to face whatever hackers throw their way, no matter what their previous experience level. Allowing your IT teams to play the roles of attackers and defenders also provides perspective.  Red teaming with a multi-layered attack simulation that measures how people, networks, applications and physical security controls can withstand an attack from a real-life adversary is a must. But, it is equally, if not more, important for teams to practice in real-world environments which can be difficult to do. 

There is a growing offering in the industry called “Cyber Ranges” that can simulate internet-scale environments to develop elite cybersecurity teams by imitating attacks on IT infrastructures. In these environments, cybersecurity teams can test their defenses against the latest hacker techniques and mimic successful breaches as case studies. 

Cybersecurity is a rapidly-moving and evolving field, but the challenges it presents are not insurmountable. By taking some time to understand the enemy and how they work, cybersecurity teams stand a better chance of stopping them. “The supreme art of war is to subdue the enemy without fighting.”

Written By

Marie Hattar is chief marketing officer (CMO) at Keysight Technologies. She has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before becoming Keysight’s CMO, Marie was CMO at Ixia and at Check Point Software Technologies. Prior to that, she was Vice President at Cisco where she led the company’s enterprise networking and security portfolio and helped drive the company’s leadership in networking. Marie also worked at Nortel Networks, Alteon WebSystems, and Shasta Networks in senior marketing and CTO positions. Marie received a master’s degree in Business Administration in Marketing from York University and a Bachelor’s degree in Electrical Engineering from the University of Toronto.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...