
Online Gaming – Assessing and Prioritising Cyber Defence Controls

Feb 06, 2017

In a previous blog, we started mapping the threats prevalent in the Gaming threat landscape to the different business channel tiers. In this blog, we describe an approach to protecting the Core and Middle tiers of the business against breaches.

Embarking on a Security Improvement Program (SIP) for the Core and Middle tiers is an essential task: it aims to protect all the core business assets from a cyber security breach and to recognise the risks the partner channel poses to these assets. In this blog, we describe a protection method that uses an algorithm to prioritise the security controls the business needs to focus on to maximise its threat protection.

We are not going to work against a single existing standard. Instead, we use a combined approach that merges attack models with best practice defence models to offer best practice guidance. Working solely against standards such as PCI, HIPAA, CIP and others is possible (they’re often required by regulators), but they have been criticised lately for holding a dated approach, and they should evolve to match today’s threat landscape. The methodology we describe rests on the notion that today’s threats require a new approach to protect against them successfully.

Getting real with cyber attackers

We described in previous blogs how being on the defence all the time is bound to break, and how shifting to the attacker’s perspective can leave the business better positioned to prevent security breaches. Thinking like an attacker or a malicious insider is essential to protecting against them, and to ‘get real’ with attackers the business first needs to understand how they work. That doesn’t mean the business needs to know how to execute such attacks technically, using the same tools, tactics and procedures that adversaries do, although some businesses use these methods as part of red and blue team exercises. The goal is to better understand the principles of an attack from the adversary’s perspective and adapt the business' protection to that.

The principal steps that can lead to a breach

Adversaries, as well as insiders such as business employees, are people, and as people they have to take actions that can lead to a data breach. The principal steps needed to successfully cause a breach are called the ‘kill chain’ - these actions are usually carried out sequentially and progress ‘blow by blow’ until the chain is complete and data is impacted.


Applying defence to the offensive security model

Understanding how the kill chain works is a good start and represents the adversary’s side, but it needs to be applied and translated into tangible defence mechanisms that the business can use; this is where best practices come in. There are many best practice guides and frameworks on applying defence, but most of them focus on defence only, without directly paralleling security controls to the offensive side represented by the kill chain. It’s also good to keep in mind that the ‘offensive side’ might be an internal trusted resource like an employee or a partner. Employees and partners usually benefit from direct access to data, which increases risk: unlike the adversary, who needs to advance through the stages to gain control of data, the employee only needs to jump through one.

Our approach to Cyber Defence takes the kill chain model and parallels it to security controls per the established framework of the SANS top 20 Critical Security Controls. Each security control in the framework is translated to a tangible security control or process, which is then built into and measured against the kill chain. Using this approach to conduct a Cyber Defence Assessment allows the business to gain unparalleled visibility of its position against how breaches come into play in practice.


Prioritizing security focus areas - not all controls are equal

One of the challenges of choosing an established security framework like the SANS top 20 is that, while there’s a hefty amount of information and controls, there’s no way to globally prioritise which controls should be in focus to maximise defences against a breach. The CXO is often challenged to prioritise controls, and most of the time the ongoing burning issues gain the most focus. However, the CXO should also keep in mind the burning issues of tomorrow by considering attack chain vectors that may come into play and compromise data, and should consider ‘silent failures’, where security controls are evaded with no alarms going off.

Since not all controls are equal and each business is uniquely positioned, surveying security controls by mapping them to the kill chain also gives the business visibility of which controls need to be prioritised to gain maximum protection against the kill chain. This is where an algorithm that takes the impact of a security control into account helps make global security control prioritisation. For example, a web security gateway is a control that protects against three stages in the kill chain, and that needs to be factored in to help the business maximise the defence gained from each control investment. This can help manage security budgets more effectively while seeing improvement in cyber defences.
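As an added illustration (not Performanta's algorithm or assessment data), the sketch below scores each control by the kill-chain exposure it would remove if brought to full effectiveness. The stage names follow the Lockheed Martin Cyber Kill Chain; the control names, stage mappings and maturity values are constructed assumptions, and the insider chain is modelled as the single final stage.

```python
# Kill-chain stages (Lockheed Martin naming; the page itself does not list them).
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
# Assumption: an insider with direct data access only needs the last stage.
INSIDER_CHAIN = ["actions_on_objectives"]

# Constructed sample assessment:
# control -> (stages it defends, current maturity 0.0 = absent .. 1.0 = fully effective)
CONTROLS = {
    "web_security_gateway": ({"delivery", "exploitation", "command_and_control"}, 0.2),
    "endpoint_anti_malware": ({"exploitation", "installation"}, 0.8),
    "data_loss_prevention": ({"actions_on_objectives"}, 0.0),
    "security_awareness": ({"delivery"}, 0.5),
}

def stage_exposure(controls, chain):
    """Residual exposure per stage: product of (1 - maturity) of covering controls."""
    exposure = {stage: 1.0 for stage in chain}
    for stages, maturity in controls.values():
        for stage in stages:
            if stage in exposure:
                exposure[stage] *= 1.0 - maturity
    return exposure

def uncovered_stages(controls, chain):
    """Stages no control maps to at all: candidates for silent failure."""
    covered = set().union(*(stages for stages, _ in controls.values()))
    return [stage for stage in chain if stage not in covered]

def prioritise(controls, chain):
    """Rank controls by total exposure removed if the control reached maturity 1.0.

    A fully effective control drives the exposure of every stage it covers to
    zero, so its gain is the sum of current exposure over those stages. A
    control spanning several weak stages therefore outranks a single-stage one.
    """
    base = stage_exposure(controls, chain)
    scores = {
        name: round(sum(base[s] for s in stages if s in base), 3)
        for name, (stages, _) in controls.items()
    }
    return sorted(scores.items(), key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    print("adversary:", prioritise(CONTROLS, STAGES))
    print("insider:  ", prioritise(CONTROLS, INSIDER_CHAIN))
    print("no control mapped:", uncovered_stages(CONTROLS, STAGES))
```

With this sample data the three-stage gateway ranks first against the full chain, while against the insider chain only the control on the final stage scores at all.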

The next image captures the results of a Cyber Defence Assessment, carried out per the method described above, for a client in the retail business. The security controls for the adversarial and the insider threat are shown (blue), as well as the controls that will benefit protection against the kill chain and insider threat the most (red).


In this blog we described a practical approach to protecting the business core and middle tiers against adversarial and insider threats. This approach to Cyber Defence allows the business to map critical security controls against the kill chain, and by doing so gives the business a tool that can help it gain true visibility of its security posture in parallel to the way breaches occur. It also prioritises security controls by calculating how effective the business’ security controls are against the kill chain.


Performanta will be at ICE Totally Gaming at the Viadex stand.


