{"id":24987,"date":"2017-03-08T13:00:13","date_gmt":"2017-03-08T21:00:13","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=24987"},"modified":"2020-04-21T14:22:19","modified_gmt":"2020-04-21T21:22:19","slug":"cybersecurity-canon-advanced-persistent-security-cyberwarfare-approach-implementing-adaptive-enterprise-protection-detection-reaction-strategies","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2017\/03\/cybersecurity-canon-advanced-persistent-security-cyberwarfare-approach-implementing-adaptive-enterprise-protection-detection-reaction-strategies\/","title":{"rendered":"The Cybersecurity Canon: Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies"},"content":{"rendered":"<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/10\/Big-Canon-Banner.png\"><div style=\"max-width:100%\" data-width=\"1140\"><span class=\"ar-custom\" style=\"padding-bottom:17.11%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"alignnone size-full wp-image-20520 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/10\/Big-Canon-Banner.png\" alt=\"big-canon-banner\" width=\"1140\" height=\"195\" \/><\/span><\/div><\/a><\/p>\n<p><em>We modeled the\u00a0<\/em><a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon.html\"><em>Cybersecurity Canon<\/em><\/a><em>\u00a0after the National Baseball Hall of Fame and the Rock &amp; Roll Hall of Fame \u00ad\u2013 but for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to significantly increase the number.\u00a0Please write a review and nominate your favorite.\u00a0<\/em><\/p>\n<p><em>The Cybersecurity Canon is a real thing for our community. 
We have designed it so that you can\u00a0<\/em><a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon\/nominate-a-book\"><em>directly participate in the process<\/em><\/a><em>. Please do so!<\/em><\/p>\n<p>Book review by\u00a0Cybersecurity Canon committee member Ben Rothke, \u201cAdvanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies,\u201d Syngress 2016, by Ira Winkler and Araceli Treu Gomes<\/p>\n<h3>Executive Summary<\/h3>\n<p>Advanced persistent threats (APT) have been given a significant amount of press over the last few years. When I first scanned the title of this book, I assumed it was on that topic. While \u201c<a href=\"https:\/\/www.amazon.com\/gp\/product\/0128093161\/ref=as_li_tl?ie=UTF8&amp;tag=benrothkswebp-20&amp;camp=1789&amp;creative=9325&amp;linkCode=as2&amp;creativeASIN=0128093161&amp;linkId=8a4712f6cc4477a27f4b28bbadba6048\" rel=\"nofollow,noopener\" >Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies<\/a>\u201d does detail APTs, that\u2019s not the main focus of the book.<\/p>\n<h3>Review<\/h3>\n<p>One of the reasons people are turned off by information security is the plethora of security buzzwords. At the recent RSA 2017 conference, one\u2019s ear could get sore from the repetition of the year\u2019s buzzwords: <em>machine learning <\/em>and <em>artificial intelligence<\/em>.<\/p>\n<p>Going back a year or so, the buzzword was <em>advanced persistent threat<\/em> (APT). When I got a copy of the book mentioned above, I thought at first: not again.<\/p>\n<p>Authors Ira Winkler and Araceli Treu Gomes have enough experience that they don\u2019t have to rely on buzzwords. The book\u2019s notion of advanced persistent security means ensuring that security is built into every aspect of a system. 
This goes from endpoint to server and covers everything in between.<\/p>\n<p>The point the authors reiterate is that defense in depth (almost a buzzword) is required for serious information security controls. One can\u2019t rely on a security appliance or one security administrator to do it all.<\/p>\n<p>The book is pretty much an advanced introduction to a security guide. Their premise may not be so earth-shattering, but the massive number of security breaches and indicators proves that far too many firms didn\u2019t get the memo about building secure systems.<\/p>\n<p>Many organizations have purchased unified threat management (UTM) devices that were meant to be a single, all-inclusive security appliance. Too many of them thought that security meant having the device in their data center and not having to do anything else. This is the perfect book for such people, as Winkler and Gomes show that effective information security requires a lot more than a single expensive appliance.<\/p>\n<p>The authors write that a more appropriate title for the book would have been Adaptive Persistent Security, since the goal is that information security systems must be proactive in nature and design \u2013 which is no trivial point. The authors propose methods for more adaptive and comprehensive approaches to information security.<\/p>\n<p>A somewhat contrarian (albeit pragmatic) approach the authors take is that failure is an integral part of information security. No one can build a system that won\u2019t fail. Rather the systems should be resilient enough when failure does occur \u2013 and it eventually will. The advanced persistent security methodology they propose means that a security program should proactively adapt to the failures of protection such that any loss is minimized.<\/p>\n<p>The authors admit that the book does not provide any technological breakthroughs. 
Rather, they provide advanced methods for implementing already available technologies.<\/p>\n<h3>Conclusion<\/h3>\n<p>At 230 pages, what the book lacks in depth, it makes up for in its tactics for effective information security. For those looking for a methodology to create a more robust information security program, <a href=\"https:\/\/www.amazon.com\/gp\/product\/0128093161\/ref=as_li_tl?ie=UTF8&amp;tag=benrothkswebp-20&amp;camp=1789&amp;creative=9325&amp;linkCode=as2&amp;creativeASIN=0128093161&amp;linkId=8a4712f6cc4477a27f4b28bbadba6048\" rel=\"nofollow,noopener\" >Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies<\/a> is a valuable resource and a welcome addition to the Canon.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity Canon committee member Ben Rothke reviews \u201cAdvanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies\u201d by Ira Winkler and Araceli Treu 
Gomes.<\/p>\n","protected":false},"author":153,"featured_media":15556,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[155,4521],"tags":[3348,251,3345],"coauthors":[1379],"class_list":["post-24987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-2","category-canon","tag-araceli-treu-gomes","tag-cybersecurity-canon","tag-ira-winkler"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/07\/cybersec-canon-red-500x218.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/24987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/153"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=24987"}],"version-history":[{"count":1,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/24987\/revisions"}],"predecessor-version":[{"id":24990,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/24987\/revisions\/24990"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/15556"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=24987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcen
ter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=24987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=24987"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=24987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}