Updating a defense classic for machine-speed cyber protection

Guest written by Amit Roy, executive vice president and regional head for EMEA at Paladion.


Effective cyber defense today needs lightning-fast intelligence and rapid remediation. Attackers are now much faster and smarter than before. Enterprises can no longer take months, weeks, or even days to understand whether attacks are in progress and what to do about them. It may therefore be surprising that a classic military concept from the last century is still an excellent basis for next generation cyber protection. The OODA (observe-orient-decide-act) loop was defined by Colonel John Boyd in the 1950s as a process for reacting intelligently to any stimulus, including attacks and threats. OODA’s principles are as relevant today as they were at its inception. Applied in new approaches such as managed detection and response (MDR) and machine learning (ML), they can significantly lower security risks and improve security postures.

[Figure: Meet OODA! How OODA is adopted in traditional SOCs and Paladion’s CyberActive MDR service]

How New Cyber Defense Methods Make Better Use of OODA

Both traditional and next generation cyber defense use OODA to put their protection into action, but in different ways. Conventional cyber defense, like that of managed security service providers (MSSPs), often focuses on log data, whereas Paladion’s CyberActive MDR extends to end-point data, user data, network flows, and more. Where an MSSP then works with set rules and policies to pick out threats, MDR broadens and deepens the analysis with data science. In the third step (decide), an MSSP may base its plans solely on individual threat alerts: in MDR, however, entire attack campaigns and kill chains may be addressed as well. Finally, where an MSSP may limit its actions to coordination of a response to a threat, MDR can go further to provide tailored instructions (playbooks) to enterprises to help them stop the current instance of the threat and prevent recurrences in the future.
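The four OODA stages described above, written out as a small, runnable pipeline. This is an added illustration, not Paladion’s code: the four-stage kill chain, the rule table, the playbook names and the sample telemetry (user logins, endpoint process events and network flows) are all constructed here. The point it shows is the difference in the decide step: rather than handling each alert on its own, alerts are grouped per host and promoted to a campaign only when their stages appear in kill-chain order.

```python
from collections import defaultdict

# Simplified kill chain used by the decide step (an assumption for this example).
STAGES = ["initial_access", "execution", "command_and_control", "exfiltration"]

# Constructed sample telemetry from three source types; not real logs.
EVENTS = [
    {"ts": 1, "src": "user",     "host": "ws-17", "type": "login",        "detail": "new_country"},
    {"ts": 2, "src": "endpoint", "host": "ws-17", "type": "process",      "detail": "encoded_script_host"},
    {"ts": 3, "src": "network",  "host": "ws-17", "type": "dns",          "detail": "high_entropy_subdomain"},
    {"ts": 4, "src": "network",  "host": "ws-17", "type": "egress_bytes", "detail": "50000000"},
    {"ts": 5, "src": "endpoint", "host": "ws-03", "type": "process",      "detail": "text_editor"},
    {"ts": 6, "src": "user",     "host": "ws-03", "type": "login",        "detail": "new_country"},
    {"ts": 7, "src": "network",  "host": "ws-03", "type": "egress_bytes", "detail": "1200"},
]

# Orient: a rule table (hypothetical rules) mapping event type + predicate to a stage.
RULES = [
    ("login",        lambda d: d == "new_country",            "initial_access"),
    ("process",      lambda d: d == "encoded_script_host",    "execution"),
    ("dns",          lambda d: d == "high_entropy_subdomain", "command_and_control"),
    ("egress_bytes", lambda d: int(d) > 10_000_000,           "exfiltration"),
]

# Act: one playbook per stage (hypothetical names).
PLAYBOOKS = {
    "initial_access":      "force_reauth_and_review_session",
    "execution":           "collect_process_tree_and_triage",
    "command_and_control": "isolate_host",
    "exfiltration":        "isolate_host_and_block_egress",
}


def observe(events):
    """Observe: accept events from every source and order them by time."""
    return sorted(events, key=lambda e: e["ts"])


def orient(events):
    """Orient: turn raw events into alerts tagged with a kill-chain stage."""
    alerts = []
    for e in events:
        for etype, pred, stage in RULES:
            if e["type"] == etype and pred(e["detail"]):
                alerts.append({"ts": e["ts"], "host": e["host"], "src": e["src"], "stage": stage})
    return alerts


def decide(alerts, min_stages=2):
    """Decide on campaigns, not single alerts: group alerts by host and keep a
    host only if at least min_stages distinct stages occur in kill-chain order.
    Hosts with one isolated alert are left to alert-by-alert handling."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    campaigns = {}
    for host, host_alerts in by_host.items():
        seen = []
        for a in sorted(host_alerts, key=lambda a: a["ts"]):
            if a["stage"] not in seen:
                seen.append(a["stage"])
        order = [STAGES.index(s) for s in seen]
        if len(seen) >= min_stages and order == sorted(order):
            campaigns[host] = seen
    return campaigns


def act(campaigns):
    """Act: choose the playbook for the furthest stage reached on each host."""
    return {host: PLAYBOOKS[max(stages, key=STAGES.index)] for host, stages in campaigns.items()}


def run_ooda(events):
    """One pass of the loop: observe -> orient -> decide -> act."""
    return act(decide(orient(observe(events))))


if __name__ == "__main__":
    print(run_ooda(EVENTS))
```

With the constructed input, ws-17 produces alerts at all four stages in order and is escalated with the exfiltration playbook, while ws-03 raises only a single login alert and is not promoted to a campaign. Replacing the rule table with a model score is the orient-step change the text attributes to data science; the decide and act steps stay the same.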

Artificial Intelligence Helps Security Teams Work Better

Artificial intelligence (AI) working with human intelligence is a powerful and cost-effective way to improve cyber defense. Machine learning (ML) is one of the branches of AI, and can be used to great effect in managed detection and response solutions. Our machine learning algorithms help discover new attack models, as well as the most effective ways of combating them. As the term “machine learning” suggests, the machine learns from both past and new data, using big data management and processing techniques to sift through wide-ranging input and present its conclusions.

CyberActive MDR uses big data processing and is combined with a range of security data analytics to achieve the most effective ML capabilities. Indications of threats that might have been missed by traditional security approaches can be revealed in an advanced MDR solution by:

  • Managed endpoint threat analytics
  • Managed user behavior analytics (UBA)
  • Managed network threat analytics (NTA)
  • Managed application threat analytics (ATA)
  • Managed breach analytics.

With Paladion’s Managed Detection and Response service, identified threats can then be validated in minutes and containment and remediation organized within hours. By comparison, conventional cyber security approaches may take hours for validation and days for establishing a suitable plan, and they may still miss certain threats or combinations of threats that MDR can identify.

Detecting and Stopping Attacks Even Before They Happen

Our specialized MDR teams use these data analytics and machine learning resources and also push the boundaries of OODA even further to identify threats and attacks earlier – even to the point of tackling them before they happen. Commonly occurring attacks elsewhere can be assessed for the risk they pose to a specific organization and preventive measures taken. Likewise, attacks that have already been detected and remediated in one part of an organization can be prevented from happening elsewhere in the organization.

Thanks to the continuing application of OODA as part of advanced MDR strategies and technologies, end-user organizations can now be measurably more secure. In addition, rather than having to buy their own systems and hire in specialized staff, they can leverage MDR services like Paladion’s CyberActive MDR that are often both more effective and more affordable.