Cybercrime is dynamic. Much like a legitimate business, cybercriminals are always in pursuit of more effective or cost-efficient ways to reach their goals. Since attackers are always adapting, security must be flexible, too. Adaptive security is key to staying safe in this environment.
Adaptive security is an approach that focuses on continuous monitoring, threat intelligence and feedback loops instead of mere prevention and detection. Whereas conventional methods build their protections around responding to incidents — internal or in other organizations — the adaptive approach proactively looks for new threats and opportunities to improve.
The concept stems from a 2017 Gartner insight outlining four main stages of adaptive security: prevention, detection, response and prediction.
Historically, cybersecurity has centered around the first two, which involve defending against known threats and monitoring for breaches. The new “response” phase adds post-mortem analysis to the mix, where you learn from events and redesign policies and protections as necessary.
Prediction goes a step further. This stage involves anticipating and defining new threats to protect against them before they happen.
Adaptive security is essential if you hope to keep up with today’s fast-moving threats. Here are five steps to follow to implement this approach in your organization.
The first step in enabling adaptive security is to maximize network visibility. This approach relies on continuous analysis of both potential weaknesses and normal behavior. You need full, real-time visibility into your network, data, policies and workflows to do that.
Just 23% of surveyed organizations have full visibility into their cloud environments. You can overcome that gap by implementing data logs, adding probes into your code, tracing requests throughout your network and consolidating platforms where possible. Automated monitoring and tracing tools may be necessary, as auditing and mapping your entire network will be too time-consuming and error-prone if you do it manually.
Next, you’ll need to set up a system for identifying and classifying known and potential threats. Malware analysis alone is insufficient, especially considering how 62% of organizations use five or fewer antivirus engines. Heuristic analysis and behavior-based threat hunting are also necessary.
You’ll want to define normal network behavior, too. Setting these baselines will make it easier to spot potential threats and breaches. Use AI to monitor everyday behavior and create profiles for different users and activities. Implementing tighter access controls helps define and distinguish between normal behavior for various users and systems.
An adaptive security framework also relies on an “assume breach” mindset. This means approaching security under the assumption that breaches will happen instead of believing your protections can prevent all incidents. In more practical terms, it means designing your system to withstand a successful attack instead of putting all your efforts into prevention.
Segmenting networks to make it easier to isolate incidents and prevent lateral movement is a good first step. Backups and detailed recovery plans are necessary, too. You’ll also want to define protocols for adapting your approach after a breach to enable ongoing improvements.
Continuous monitoring is another key concept in adaptive security. You need real-time alerts to catch things early and get enough information to predict emerging threats, but this is difficult to do manually. The cybersecurity skills shortage is so vast that it’ll cause 50% of security incidents by 2025, so automation is essential.
AI monitoring tools provide the speed and accuracy you need to be as adaptive as the threats you face. That includes AI-driven threat intelligence, network monitoring and user behavior analytics. Keep in mind that you’ll have to tailor off-the-shelf AI models to your specific workflows and needs.
Feedback loops are the last piece in the adaptive security puzzle. That includes feedback when insiders notice a potential vulnerability, responses to risks discovered by threat-hunting analysis and post-mortem conversations after an incident.
A formal, well-defined process for responding to each of these feedback sources makes it easier to address issues as they arise. Conventional penetration testing offers similar benefits, but most security professionals perform it just once or twice annually, which isn’t enough to keep up with fast-moving threats. More rapid, smaller feedback loops enable more agile adaptations.
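The baselining, continuous monitoring and feedback-loop steps above fit together in a single small pipeline: learn each user's normal sources and login hours from a training window, score live events against that profile, raise alerts on deviations, and fold analyst feedback back into the profile so confirmed-benign behaviour stops alerting. The following is an added example written for this article, not code from the original post or from any vendor tool; the log format, the user names, the IP addresses and the thresholds are all constructed for illustration.

```python
"""Baseline-and-deviation user behaviour analytics with a feedback loop.

Constructed example. Log lines follow a hypothetical format:
    <ISO timestamp> user=<name> src=<ip> result=<success|failure>
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed training window: what "normal" looks like for two users.
BASELINE_LOG = """\
2024-03-04T08:55:12 user=alice src=10.0.1.15 result=success
2024-03-04T09:02:41 user=alice src=10.0.1.15 result=success
2024-03-05T08:49:03 user=alice src=10.0.1.16 result=success
2024-03-06T09:10:27 user=alice src=10.0.1.15 result=success
2024-03-04T13:20:00 user=bob src=10.0.2.40 result=success
2024-03-05T14:05:18 user=bob src=10.0.2.40 result=success
2024-03-06T13:47:52 user=bob src=10.0.2.41 result=success
"""

# Constructed live events to score: one routine login, one off-hours login
# from an external address, a burst of failures, and one more routine login.
LIVE_LOG = """\
2024-03-07T09:01:10 user=alice src=10.0.1.15 result=success
2024-03-07T03:12:44 user=alice src=203.0.113.77 result=success
2024-03-07T03:13:01 user=bob src=203.0.113.77 result=failure
2024-03-07T03:13:05 user=bob src=203.0.113.77 result=failure
2024-03-07T03:13:09 user=bob src=203.0.113.77 result=failure
2024-03-07T13:30:00 user=bob src=10.0.2.40 result=success
"""

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed internal range
FAILURE_BURST_THRESHOLD = 3                  # failures from one source -> alert
HOUR_SLACK = 1                               # tolerated drift around usual hours


def parse_line(line):
    """Parse one log line into a dict; return None for malformed input."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        fields = dict(p.split("=", 1) for p in parts[1:])
        return {"ts": datetime.fromisoformat(parts[0]), "user": fields["user"],
                "src": fields["src"], "result": fields["result"]}
    except (ValueError, KeyError):
        return None


def build_baseline(log_text):
    """Profile each user from successful logins: known sources and login hours."""
    profile = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "success":
            continue
        profile[ev["user"]]["srcs"].add(ev["src"])
        profile[ev["user"]]["hours"].add(ev["ts"].hour)
    return dict(profile)


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def score_events(log_text, baseline):
    """Return (user, reason) alerts for events that deviate from the baseline."""
    alerts = []
    failures_by_src = defaultdict(int)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        user, src, hour = ev["user"], ev["src"], ev["ts"].hour
        if ev["result"] == "failure":
            failures_by_src[src] += 1
            if failures_by_src[src] == FAILURE_BURST_THRESHOLD:
                alerts.append((user, f"{FAILURE_BURST_THRESHOLD} failed logins from {src}"))
            continue
        prof = baseline.get(user)
        if prof is None:
            alerts.append((user, "no baseline for user"))
            continue
        if src not in prof["srcs"]:
            where = "new internal" if is_internal(src) else "external"
            alerts.append((user, f"success from {where} source {src}"))
        if not any(abs(hour - h) <= HOUR_SLACK for h in prof["hours"]):
            alerts.append((user, f"login at unusual hour {hour:02d}:00"))
    return alerts


def record_feedback(baseline, user, src=None, hour=None):
    """Feedback loop: after an analyst confirms an alert as benign, fold the
    source and/or hour into the profile so the same event no longer alerts."""
    prof = baseline.setdefault(user, {"srcs": set(), "hours": set()})
    if src is not None:
        prof["srcs"].add(src)
    if hour is not None:
        prof["hours"].add(hour)
    return prof


if __name__ == "__main__":
    profiles = build_baseline(BASELINE_LOG)
    for user, reason in score_events(LIVE_LOG, profiles):
        print(f"ALERT {user}: {reason}")
```

Run as a script it prints three alerts: alice's success from an external address, alice's login at an unusual hour, and the failure burst against bob's account. Calling `record_feedback(profiles, "alice", src="203.0.113.77", hour=3)` after an analyst confirms that login as legitimate and re-scoring leaves only the failure-burst alert, which is the feedback loop the article describes operating at the scale of a single alert rather than an annual test.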
Cybercrime moves too quickly today for conventional, prevent-and-detect approaches to be reliable. Your security must be as adaptive as the threats you’re trying to stop. That means taking an entirely new approach to cybersecurity, not just changing one or two defense measures.
Adaptive security frameworks provide the agility and protection modern organizations need in this environment. While this might look different between companies with unique concerns, these five steps remain constant in all use cases. Use these steps as a baseline and adapt them to your specific processes and security stack to become more adaptable.