To help security leaders strategically manage their defensive posture, we have created a framework that spans relevant security layers from the start of an attack to its resolution. When applied, this framework helps organizations:
- Align security layers from end to end,
- Assess which security layers are working and which are not,
- Focus on performance metrics that matter,
- Drive resource allocation and investment in the areas that yield the highest risk reduction,
- Reduce the frequency of security incidents and prevent major data breaches.
The framework consists of four critical phases supported by robust intelligence flows.
Prior posts have discussed the Prevent, Detect, Analyze, and Mitigate phases. Key to making the above phases perform at their peak level is getting useful intelligence out of each phase and feeding it across the entire system. This improves each phase, in turn making the whole more effective at reducing the impact of spear phishing.
At a minimum, a linear flow is needed to support phase dependencies. For example, attack mitigation depends on analysis of the threat, which in turn depends on detection. This is necessary for the process to function adequately.
Mature organizations go further, using intelligence from later phases to improve prevention and detection. As an example, information derived from analyzing phishing emails that reach user inboxes can be applied to email filtering and other preventative tools. This allows similar threats to be detected and blocked when they first come into the network. By stopping the attack at the earliest opportunity, effort and cost are minimized. This yields a much more efficient overall system.
The full framework with recommended defenses and example KPIs can be downloaded at http://info.phishlabs.com/the-cisos-guide-to-spear-phishing-defense. A 1-page reference card is also available at http://info.phishlabs.com/hubfs/White_Papers/Spear_Phishing_Defense_Framework.pdf.