As any medical professional will explain, prevention is always better than cure. So why are so many organisations reactive instead of proactive when it comes to cybersecurity threats? A new report from the Cloud Security Alliance (CSA) aims to introduce new metrics for enterprises to improve their security game.
The report, titled ‘Improving Metrics in Cyber Resiliency’, introduces Elapsed Time to Identify Failure (ETIF) and Elapsed Time to Identify Threat (ETIT), as well as processes to measure and develop lower values in order to improve the resiliency of an information system. The research advocates the responsibility for measuring and reporting each metric should be transferred to intrusion detection system (IDS) providers.
The ETIF metric is relatively straightforward to understand. If one takes the standard graphical representation of a cyberattack, with time as the x-axis and quality of service (QoS) between 1.0 and 0.0 as the y-axis, a triangle appears as QoS goes down with the attack starting, before gradually rising back to 1.0 as the system recovers.
ETIF is therefore the time between the start and end of the cyberattack, and the triangle indicates loss of resiliency. Yet a further graph (below) shows how, if ETIF is reduced, the overall loss of resiliency goes down with it – in this instance, from triangle ABC to ADE. Indeed, if ETIF is reduced to zero – in other words, the cyberattack was identified occurred at the same time, being nullified at the IT/OT infrastructure – the researchers add the loss of resiliency would be zero with it.
ETIT, on the other hand, is ‘critical’ in changing limits on loss and recovery functions, and as a result impacting on the quality of service, the CSA adds. “If there is an ability for early identification of the threat that is causing the failure, then the overall time to recovery and hence the loss of resiliency could be reduced,” the report notes.
“It is our hope that this report will initiate discussion and eventually encourage competition within the intrusion detection system space,” said Dr. Senthil Arul, lead author of the document. “As more companies are storing operation assets away from local servers, it’s clear that we need to bolster asset resiliency in the cloud if we are to keep operational resiliency unaffected.”
You can download the full report here (registration optional).