SecurityWeek

Endpoint Security

“Left and Right of Boom” – Having a Winning Strategy

As security practitioners are painfully aware, it is not a matter of if but when their organization will come under cyberattack. Given this year’s geopolitical events, the likelihood of falling victim to an attack has exponentially increased. And while the cybersecurity landscape will continue to evolve, many organizations seem to be holding on to the belief that deploying more preventive security tools will result in greater protection against these threats.

According to Gartner, organizations are expected to spend $172.58 billion on IT security and risk management technologies in 2022 alone. Despite this level of investment, hardly a week goes by without a new high-profile cyberattack (e.g., Los Angeles Unified School District, Samsung, KeyBank, Okta, DoorDash, and Twilio). The reality is that we can never eliminate cyber risk entirely, but we can manage it more effectively with “Left and Right of Boom” processes and procedures, creating a winning strategy by splitting an organization’s cybersecurity investments between strategic preparedness, prevention, and incident response.

The term “Left of Boom” originates from the military, where forces engaged in operations in Iraq and Afghanistan were tasked with researching how to detect Improvised Explosive Devices (IEDs) and detonate them harmlessly, or to infiltrate and disrupt bomb manufacturing, to minimize the number of casualties and the damage to military personnel and materiel. About 15 years ago, the idiom began to be applied to cybersecurity, where the risk management continuum values investment in protection to mitigate the negative consequences of a cyber incident. The primary job of an organization’s security team is to exercise continuous diligence in reducing risk, within the risk appetite and risk tolerance of the company, so that the likelihood of a boom is low and the corresponding magnitude of harm is limited.

Essential “Left of Boom” Processes

Getting started on such a path can be intimidating, especially for smaller organizations with limited resources, but in a recent discussion (see video below), a group of industry-leading cybersecurity practitioners called out some of the critical steps to be considered on the path to “Left of Boom”:

• Understand hardware and software inventory to have the necessary visibility to create meaningful metrics and assess security efficacy.

• Move to the cloud to leverage the major providers’ inherent security measures and subsequently reduce the attack surface.

• Implement multi-factor authentication (MFA) and least privilege to minimize the risk of lateral movement.

• Make the endpoint resilient, as in a work-from-anywhere era all devices constitute the new enterprise perimeter.

• Apply network segmentation to minimize the risk of lateral movement.

• Run anti-malware and make sure the software is not only installed but functioning as intended.

• Establish Zero Trust principles by adopting a “never trust, always verify” mentality for cybersecurity and risk management.

Unfortunately, there is no such thing as 100 percent protection. Therefore, we cannot focus solely on “Left of Boom” processes; we also have to talk about the “Right of Boom”.

Fortunately, some “Right of Boom” processes and procedures can inform “Left of Boom” activities, providing a valuable feedback loop. In fact, it can almost be argued that “Left of Boom” exists as an idiom because “Right of Boom” has happened too often. Many industry standards and government regulations mandate some form of “Right of Boom” process (e.g., disaster recovery and business continuity planning). However, these processes are too often managed as a paper exercise and don’t consider the need for cyber resiliency when it comes to an organization’s recovery efforts.

Create Your Go-Bag for “Right of Boom”

Most businesses lack what really matters for a complete recovery — proactive resilience, or the ability to bounce back when struck down and come back as strong as ever. Like people who live in an earthquake zone, businesses need to have a cybersecurity “go-bag” that they can grab as soon as disaster strikes.

Historically, IT and security professionals’ top priority regarding cyber resiliency has been securing and restoring critical infrastructure, such as servers and key business systems. Yet, in today’s “work-from-anywhere” world, the threat of cyberattacks is greatly exacerbated by the geographic distribution of endpoints. This new model has expanded the potential attack surface, lowered barriers to entry, and reduced IT teams’ visibility into devices. In fact, “The Value of Zero Trust in a WFA World” report (PDF) found that 97% of surveyed IT experts believed that remote workers are exposed to at least some added risk, with roughly 47% believing the risk was either high or extremely high. 

Gone are the days when workers could simply walk over to the IT department to address their security problems. Therefore, organizations need the right tooling and technology to secure their endpoints remotely, at scale, so they can effectively remove malware and restore their critical applications after a crippling attack. 

To ensure the highest level of cyber resilience and enable endpoint reconnection after compromise, businesses must have persistent defense technology with firmware-embedded capabilities. This is because any form of defense that lives on an endpoint can only be effective if it remains operational and functions as intended. With such capabilities in place, organizations can measure the health and compliance of endpoint security controls and promptly identify when applications are disabled, misconfigured, or otherwise exploited. They can also empower those mission-critical applications to self-heal and recover automatically without user intervention, even when starting from ground zero after a complete wipe. Considering the associated benefits, it’s not surprising that the National Institute of Standards and Technology (NIST) is promoting the use of these survivable, trustworthy secure systems as part of a balanced “Left and Right of Boom” strategy.

Ultimately, finding the right balance between strategic preparedness, prevention, and incident response has become essential in determining an organization’s ability to anticipate, withstand, recover from, and adapt to attacks on or compromises of its cyber resources.


Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
