Building a Resilient World:
The ISAGCA Blog

How to Implement Adaptive Security in Your Organization

Cybercrime is dynamic. Much like a legitimate business, cybercriminals are always in pursuit of more effective or cost-efficient ways to reach their goals. Since attackers are always adapting, security must be flexible, too. Adaptive security is key to staying safe in this environment. 

What Is Adaptive Security? 

Adaptive security is an approach that focuses on continuous monitoring, threat intelligence and feedback loops instead of mere prevention and detection. Whereas conventional methods build their protections around responding to incidents — internal or in other organizations — the adaptive approach proactively looks for new threats and opportunities to improve. 

The concept stems from a 2017 Gartner insight outlining four main stages of adaptive security:  

  • Prevention 
  • Detection 
  • Response 
  • Prediction 

Historically, cybersecurity has centered around the first two, which involve defending against known threats and monitoring for breaches. The new “response” phase adds post-mortem analysis to the mix, where you learn from events and redesign policies and protections as necessary.  

Prediction goes a step further. This stage involves anticipating and defining new threats to protect against them before they happen. 

How to Implement Adaptive Security 

Adaptive security is essential if you hope to keep up with today’s fast-moving threats. Here are five steps to follow to implement this approach in your organization. 

1. Maximize Visibility

The first step in enabling adaptive security is to maximize network visibility. This approach relies on continuous analysis of both potential weaknesses and normal behavior. You need full, real-time visibility into your network, data, policies and workflows to do that. 

Just 23% of surveyed organizations have full visibility into their cloud environments. You can overcome that gap by implementing data logs, adding probes into your code, tracing them throughout your network and consolidating platforms where possible. Automated monitoring and tracing tools may be necessary, as auditing and mapping your entire network will be too time-consuming and error-prone if you do it manually.

2. Classify Potential Threats and Define Normal Behavior

Next, you’ll need to set up a system for identifying and classifying known and potential threats. Malware analysis alone is insufficient, especially considering that 62% of organizations use five or fewer antivirus engines. Heuristic analysis and behavior-based threat hunting are also necessary.

You’ll want to define normal network behavior, too. Setting these baselines will make it easier to spot potential threats and breaches. Use AI to monitor everyday behavior and create profiles for different users and activities. Implementing tighter access controls helps define and distinguish between normal behavior for various users and systems.
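One way to turn such baselines into detection logic, as an added example that is not part of the original post: it builds per-user profiles (login hours and source /24 networks) from constructed authentication log lines and flags new events that deviate from them. The log line format, the sample data and the one-hour slack around observed hours are assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample of authentication events (not from the original post).
# Assumed line format: "<ISO timestamp> <user> <source IP> <outcome>"
BASELINE_LOG = """\
2024-03-04T08:12:00 alice 10.1.20.15 success
2024-03-04T09:03:00 alice 10.1.20.15 success
2024-03-05T17:30:00 alice 10.1.20.22 success
2024-03-04T07:50:00 bob 10.1.30.8 success
2024-03-05T08:10:00 bob 10.1.30.9 success
"""
NEW_EVENTS = """\
2024-03-11T08:30:00 alice 10.1.20.15 success
2024-03-11T02:15:00 alice 203.0.113.7 success
2024-03-11T08:05:00 bob 10.1.30.8 success
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, user, ip, outcome = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, outcome))
    return events

def build_profiles(events):
    """Per-user baseline: login hours seen and /24 source networks seen."""
    profiles = defaultdict(lambda: {"hours": set(), "nets": set()})
    for ts, user, ip, _ in events:
        profiles[user]["hours"].add(ts.hour)
        profiles[user]["nets"].add(ip.rsplit(".", 1)[0])
    return profiles

def score(event, profiles):
    """List deviations from the user's baseline; an empty list means normal."""
    ts, user, ip, _ = event
    p = profiles.get(user)
    if p is None:
        return ["unknown user"]
    reasons = []
    if not any(abs(ts.hour - h) <= 1 for h in p["hours"]):  # one hour of slack
        reasons.append(f"off-hours login at {ts.hour:02d}:00")
    if ip.rsplit(".", 1)[0] not in p["nets"]:
        reasons.append(f"new source network for {ip}")
    return reasons

def flag_anomalies(baseline_log, new_log):
    """Return [(user, reasons)] for new events that deviate from the baseline."""
    profiles = build_profiles(parse(baseline_log))
    scored = [(e[1], score(e, profiles)) for e in parse(new_log)]
    return [(user, reasons) for user, reasons in scored if reasons]
```

Running `flag_anomalies(BASELINE_LOG, NEW_EVENTS)` flags only alice's 02:15 login from an unseen network; the in-hours logins from known networks pass silently.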

3. Assume Breach

An adaptive security framework also relies on an “assume breach” mindset. This means approaching security under the assumption that breaches will happen instead of believing your protections can prevent all incidents. In more practical terms, it means designing your system to withstand a successful attack instead of putting all your efforts into prevention. 

Segmenting networks to make it easier to isolate incidents and prevent lateral movement is a good first step. Backups and detailed recovery plans are necessary, too. You’ll also want to define protocols for adapting your approach after a breach to enable ongoing improvements.

4. Employ Continuous AI Monitoring

Continuous monitoring is another key concept in adaptive security. You need real-time alerts to catch things early and get enough information to predict emerging threats, but this is difficult to do manually. The cybersecurity skills shortage is so vast that it’ll cause 50% of security incidents by 2025, so automation is essential. 

AI monitoring tools provide the speed and accuracy you need to be as adaptive as the threats you face. That includes AI-driven threat intelligence, network monitoring and user behavior analytics. Keep in mind that you’ll have to tailor off-the-shelf AI models to your specific workflows and needs. 

5. Create a Formal Feedback Process

Feedback loops are the last piece in the adaptive security puzzle. That includes feedback when insiders notice a potential vulnerability, responses to risks discovered by threat-hunting analysis and post-mortem conversations after an incident. 

A formal, well-defined process for responding to each of these incidents makes it easier to address issues as they arise. Conventional penetration testing offers similar benefits, but most security professionals perform it just once or twice annually, which isn’t enough to keep up with fast-moving threats. More rapid, smaller feedback loops enable more agile adaptations.

Adaptive Security Is a Must for Modern Organizations 

Cybercrime moves too quickly today for conventional, prevent-and-detect approaches to be reliable. Your security must be as adaptive as the threats you’re trying to stop. That means taking an entirely new approach to cybersecurity, not just changing one or two defense measures. 

Adaptive security frameworks provide the agility and protection modern organizations need in this environment. While this might look different among companies with unique concerns, these five steps remain constant in all use cases. Use these steps as a baseline and adapt them to your specific processes and security stack to become more adaptable.

Zac Amos
Zac Amos is the features editor at ReHack, where he covers trending tech news in cybersecurity and artificial intelligence. For more of his work, follow him on Twitter or LinkedIn.
