How to measure the reliability of a cyber security system

Oleksii Sevonkin, BDM at Octava Defence, explains which capabilities a system must have to be considered cyber-resilient and sets out clear criteria for assessing the reliability of your business's cyber security system.

It is no secret that the new reality has sharply increased the risk of cyberattacks. Quarantine measures, the mass shift to remote work, and the growing organisation of the cybercrime economy have all contributed to this.

The key question for a business leader is how to tell whether the cyber security system is actually doing its job. If there have been no cyberattacks, does that mean everything is fine?

In general, "nothing happens" is a bad metric. More often than not, it means your cyber security system is "blind": it is not that nothing is happening, but that nothing is being seen.

According to the Cybersecurity Framework of the US National Institute of Standards and Technology (NIST), a cyber security system should perform five core functions (Identify, Protect, Detect, Respond, Recover):
1. Identify: we know what we want to defend.
2. Protect: we have basic safeguards in place that stop simple attacks.
3. Detect: we monitor infrastructure and events 24/7 and notice anomalies.
4. Respond: we are able to analyse events, and to detect and stop complex attacks proactively.
5. Recover: we know how to restore operations after a successful attack.

A cyber security system that implements only the Protect function is what we call a "blind" system: it simply does not see what is really happening. And even when it does collect the data, nobody processes it, so nobody finds the non-obvious connections between events that signal a threat.

Creating a full-fledged cyber security system that performs all the NIST functions mirrors the process of building a Security Operations Centre (SOC). It involves a foundation stage and three further stages, which we present in the form of a cyber resilience pyramid. The pyramid serves as a kind of "ruler" for assessing the reliability of a cyber security system: apply it to your business, compare the capabilities your system has with those shown in the pyramid, and you will have plenty of food for thought on how to modernise your company's cyber security strategy.
The levels of the cyber resilience pyramid are as follows:

Level 0: we understand what we have to defend. This level covers an audit of the assets to be protected, identification of business-critical services, and creation of a risk map and a vulnerability model. The result is a portfolio of projects, that is, the concrete measures needed to strengthen cyber resilience.

Level 1: basic and SOC-ready defence. We build a "shield" that stops simple cyberattacks, monitor events, and identify potential threats 24/7.
In Octava Defence projects, this level involves getting more out of the basic cyber security solutions already in place and deploying additional "SOC-ready" solutions (Deception, EDR, NDR) that provide the visibility needed for monitoring at the next levels.

Level 2: SOC monitoring. We monitor events and identify potentially complex threats 24/7.
This level covers the normalisation of events from different sources into a common format, the elimination of false positives and other "noise" in the customer's IT and cyber security systems, the introduction of basic investigation and response processes, and regular analytical reporting.

Level 3: SOC MDR. We are able to work proactively, prevent cyberattacks, and restore operations quickly after an incident. By this stage we have also formed a BLUE TEAM, a unified professional response team together with the customer, capable of the full cycle of investigation, response, and remediation of vulnerabilities.

Thus, by moving up the levels of the cyber resilience pyramid, the cyber security unit grows into a full-fledged SOC, and the business becomes truly cyber resilient.

Sign up for a consultation if the issue of improving cyber resilience is relevant to your business: +38 044 538 00 45, infosec@octava.ua.
