The three essentials of cybersecurity for defence

By Elastic

Elastic shares what it takes to safeguard a country’s defence systems.

In March 2020, defence minister Ng Eng Hen announced bold plans to significantly fortify Singapore’s military networks against the growing threat of cyber attacks. These plans included forming a new, integrated military cyber command, the Defence Cyber Organisation (DCO), and training for “cyber defenders” drawn from the military ranks who would staff it.

These moves are vital: Singapore’s prosperity, and its power to continue attracting businesses and talent from around the world, rely on stability and security - both sociopolitical and for its networks and data.

The role of “cyber defender” as part of a holistic cybersecurity strategy in defence is by no means unique to Singapore. The US Air Force, for example, has cyber defenders who are using technology from Elastic as part of a broader toolset for performing critical cybersecurity tasks.

Until recently, the approach to cybersecurity worldwide has typically been reactive. However, today’s threats are much harder to block if teams monitor for suspicious activity only at the point of entry. Organizations need to make the shift to a more proactive defensive approach. To do so, they should consider the three strategies below.

1. Monitoring

According to a recent Government Business Council survey of US government officials, the most significant government cybersecurity gap is visibility. For defense organizations, critical networks and systems demand round-the-clock oversight to detect anomalies and flag potential attacks. Visibility makes all the difference to security analysts - uncovering anomalies and revealing threats targeting the organization at any point in time.

What is needed is a comprehensive approach to security information and event management (SIEM) that consolidates logs, metrics, and other data into a single view and uses visualisation technology to make results easy to interpret. This type of threat hunting is vital for staying on top of a continually changing attack landscape, as it enables teams to be on constant alert for unusual patterns or trends.

Elastic makes it simple for organizations to search, visualize, and analyze data across their environment. Gaps in data collection can easily be surfaced, allowing teams to adjust their logging strategy accordingly.

2. Rapid response

Most security technologies are passive and only respond when triggered by an event. But attackers have advanced their techniques and are now able to stay undetected for long periods.

Threat hunting is integral to identifying constantly changing attack behaviour. It involves actively looking for threats or signs of compromise, and it reduces the time between a breach and its discovery.

For defense organizations, Mean Time To Resolution (MTTR) - a measure of how quickly an identified issue gets fixed - is crucial. Effective monitoring should enable a cybersecurity team to react swiftly to anything that looks like suspicious activity on networks or devices. In other words, it’s about taking a proactive response, rather than a reactive fix to put things right after the damage is done.

A consolidated monitoring approach gives cybersecurity teams the context needed to pinpoint the part of the infrastructure affected - a specific endpoint, for example, or a network gateway - so that they reach the heart of the problem without wasting time. Response workflows that integrate tightly with external orchestration and incident ticketing tools are all part of this rapid-response approach in smart organisations.

3. Automation

In the event of a breach, speed is of the essence. Minimizing the dwell time of attackers will significantly limit the scope of an attack and reduce security costs.

Where possible, the actions required to ward off or mitigate the most common types of attack should be automated so that machines take the strain of protecting critical systems.

According to IBM’s Cost of a Data Breach Report 2020, organizations with fully deployed security automation save an average of US$3.58 million compared with those without automation embedded in their systems.

Elastic’s security solutions enable cybersecurity specialists to devote their time to identifying and understanding new and emerging threats for faster future responses.

Malicious attackers are always waiting for an opportunity to steal a country’s operational plans or blind intelligence capabilities. As governments shore up their defenses for physical warfare, enhancing cybersecurity will also be crucial.