Information Technology Blog | Des Moines, IA | ACS


Security for the Real World: During the Attack

In our last Newsletter, we opened a 3-part discussion on what Cisco calls “the Attack Continuum.” The Attack Continuum is the life cycle of a given threat which includes 3 phases: the before, during, and after phase. Each stage of the Attack Continuum requires its own set of technologies to detect, fight, and learn from an attack.

Traditionally these phases are dealt with as separate entities, but to build a stronger defense system, it's best to view each phase as a piece of the security puzzle. Each stage holds different answers to the ultimate solution—the security of your systems.

In this issue, we’ll focus on technologies and strategies to utilize during an active cyber-attack.

Defenses used before the attack reduce what is called “the attack surface” (i.e., the ways in which your system could be attacked). That said, if you leave an open door, malicious characters will enter your systems. Should a hacker bypass the safeguards implemented to prevent an attack or find an unprotected entrance, another set of technologies is then called upon to thwart, detect, and stop an intrusion while in progress.

In the physical world, enhanced security systems for buildings not only include door locks, but also utilize surveillance cameras to detect threats.  In the cyber world, these surveillance technologies should also be “aware” of the environment in which they operate.

For example:

If your IPS is aware of the host operating systems, versions, and applications in your environment, then it can determine the potential vulnerabilities that exist within the system. Therefore, when an IPS sees a threat destined for an intended target, the IPS can make an accurate and educated decision regarding the threat’s relevance to the intended target.

Having surveillance technologies in place that are aware of your system’s environment can greatly simplify monitoring system alerts, so you need only investigate threats identified as relevant.
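The relevance decision described above can be sketched as follows. This is an added example, not Cisco's or ACS's code; the inventory, signature fields, and addresses are constructed for illustration. Alerts for hosts missing from the inventory are kept for review rather than suppressed.

```python
# Added illustration: host-aware alert triage. All hosts, signatures and
# alerts below are constructed sample data, not real inventory or rule IDs.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    target_os: str      # OS family the threat applies to
    target_app: str     # application the threat applies to
    fixed_in: tuple     # first version that is no longer vulnerable

# Constructed asset inventory: IP -> OS family and installed app versions.
INVENTORY = {
    "10.0.0.5": {"os": "linux", "apps": {"exampled": (2, 4, 1)}},
    "10.0.0.6": {"os": "linux", "apps": {"exampled": (2, 6, 0)}},
    "10.0.0.7": {"os": "windows", "apps": {"otherd": (1, 0, 0)}},
}

SIG = Signature("EXAMPLE exampled overflow", "linux", "exampled", (2, 5, 0))

def relevance(dst_ip, sig, inventory=INVENTORY):
    """Classify one alert by comparing the signature with the target host."""
    host = inventory.get(dst_ip)
    if host is None:
        return "unknown-host"    # not inventoried: cannot be ruled out
    if host["os"] != sig.target_os:
        return "not-relevant"    # wrong OS family
    version = host["apps"].get(sig.target_app)
    if version is None:
        return "not-relevant"    # targeted application not installed
    if version >= sig.fixed_in:
        return "not-relevant"    # installed version is already fixed
    return "relevant"

def triage(alerts, inventory=INVENTORY):
    """Return only the alerts an analyst still has to investigate."""
    keep = ("relevant", "unknown-host")
    return [(ip, sig.name, r) for ip, sig in alerts
            if (r := relevance(ip, sig, inventory)) in keep]

# Constructed alerts: the same signature seen against four destinations.
ALERTS = [(ip, SIG) for ip in ("10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.99")]

if __name__ == "__main__":
    for row in triage(ALERTS):
        print(row)
```

The result is only as reliable as the inventory behind it, so stale host data should lower confidence in a "not-relevant" verdict.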

To learn more about the Attack Continuum and how Cisco Security can enhance your security strategy, contact us today.

This article is part of a 3-phase series. Read next month’s installment to learn about defense “after an attack”. Read part 1 “Security for the Real World: Before the Attack”.