The Future of the "DR" Suffix
Luis Guembes
Senior Cybersecurity and Networking Consultant @ Nexus Technology S.A.C. | Network Resilience, AI Automation
Context
As cybersecurity grows as a major concern for companies of all sizes and for individuals, a sea of acronyms drowns the novice in a whirl of fear, uncertainty, and doubt (FUD) that, unfortunately, paralyzes the very actions needed to appease their troubled minds.
Across the thick mud of acronyms, a few emerge that resonate with the attentive ears of the top experts as well as the humble workers of the digital life space we are in. The unanimous turning of heads is unequivocal: there are acronyms that are transversal to all scales, all needs, all budgets, and all skill levels.
These are the non-cryptic ones, those that sound familiar from the very dawn of cybersecurity, in the old times when innocent viruses were designed for sport, to be annoying and distracting but not damaging. That was the dawn of the “anti” prefixes in cybersecurity, when every newly identified threat demanded its own “anti” response. Those times are gone.
Many Proposals, One Convergence
Cybersecurity changed from human-based to machine-based. This is not the place to explain it all in full detail, which is a passionate story to tell, no doubt about it, but we need to focus on the main message to help organizations and people understand what is at stake.
For the sake of simplicity, let’s agree that any technology requires at least three pillars to stand up and stay: a reference architecture, a sizing process, and a budgeting process. Cybersecurity is no different in that sense, so let’s try to explain briefly what we have at hand as of Q1 CY2023:
Architectures: The defense-in-depth, multi-layer architecture is one of the most popular ones, followed by microsegmentation and segment-based security, the older DMZ that creates zones mainly designed to protect resources, and the newer Zero Trust architectures, which assume that no cybersecurity object is to be trusted at any time or place by default.
Sizing: The range is very wide: it spans operating system solutions, device solutions, application solutions, network solutions, and so on. Each one has its own parameters and usually cannot be mixed easily to form a clear idea of “size” as we know it in common language; it resembles more the concept of “size within a project”, made up of many differentiated sizes and units. Let’s agree, however, that undersizing means the inability to meet the expected outcomes and oversizing means wasted resources, so it is very important for the next topic.
Budgeting: Everybody must have a budget. However, there are fewer “negotiable” items in cybersecurity than in any other technology sector. This is because of the lack of replaceable functions within the purpose of a “solution”. Components, functions, and services are tightly assembled with specific roles, chosen by features, performance, and interoperability characteristics that are not “OTS” (off-the-shelf products, as we see in grocery stores). Therefore, the only outcome of “fitting a cybersecurity project” into a tight budget is to leave out functions that could be critical for the very purpose of the project itself. Unfortunately, you cannot buy a partial or diminished version of a critical function.
The convergence of Cybersecurity
After the automation of attacks, and the further use of artificial intelligence in cybersecurity attacks as well as defense, some well-established paradigms just vanished in front of our astonished eyes in the last decade. This accelerated greatly with the COVID-19 pandemic, creating a wave of panic in the lower SMB spaces, usually unaware of cyber threats or gratuitously assuming they were not “targets”. Sorry to say, that’s not true for SMBs, nor for persons.
Security perimeters? Not anymore. Safe areas? None. Attack surface? Infinite. Attack techniques? Unknown. And so on: the landscape changes in cybersecurity have no end in sight anymore, no time for resting, no time for planning, and no time for a sustainable defensive line of contention. So: where do we go from here?
There are some master keywords that would eventually drive cybersecurity away from the sea of acronyms to the lake of understanding and finally to the pond of realization. These are explained in simple terms, but there is no question about their importance in the trade:
Automation
No cybersecurity solution is truly functional if we put the final trigger in the hands of human beings. The overwhelming variety, density, and frequency of AI-driven cyberattacks alone exceed any human capacity, no matter the experience or preparation of the respondent.
Far more network anomalies and false positives are triggering dramatic human responses while subtle, fractional attacks get their way silently, unmolested, toward core systems. The speed and precision needed to cope with these attacks and other similar variants is far beyond human beings, as well as out of the reach of most traditional security schemes.
AI-assisted strategic and tactical responses cannot work when harnessed to human-timed reactions, when a mouse click means thousands of attacks, so here the concept of “automation” comes in handy. Derived from the word “automaton”, it was used for centuries to describe “self-acting devices”, often ingenious mechanisms made for entertainment. The “automata” or “robots” were restricted to the same repetitive action until their energy source (mechanical or not) was depleted, so the term applies to modern cybersecurity as a romantic pretension of harnessing the power of AI to the whims of humans.
Just as industrial automation evolved with sensors and more sophisticated control systems, cybernetic sciences did the same, yielding what we know today as “Robotic Process Automation” and “Orchestration”, concepts that explain in simple terms that we can use AI for repetitive actions out of human reach without allowing these actions to move away from the programmed parameters.
That said, really and truly, anyone can automate almost anything, even with publicly available tools or tools included in their OS or Office suite subscription (e.g., Power Automate).
Coming closer to the “DR” suffix
For decades, the detection of cyber threats was the main purpose of the whole investment in enterprise cybersecurity. There was huge spending on complex forensic solutions aimed only at producing legally acceptable evidence to avoid corporate damages related to cybersecurity system failures.
Nowadays, detection is no less important; however, the “when” and “where” have changed significantly since the massive use of artificial intelligence on the attacking side of cybersecurity. Therefore, detection is critical to ideally identify cyber threats “before” they assemble in our premises and while they are still “out” of our protected assets.
But detection is not enough for modern cybersecurity warfare. Detection must trigger some kind of action that avoids, blocks, or even remediates the possible damages of a targeted cyber-attack. The current cybersecurity tools that come with almost every cybersecurity device are prepared to accomplish such a task with minimal effort and immediate results.
We can see that in a range of very sophisticated devices targeting the top 100 companies in the world as well as in the mid- and low-budget smartphone.
So, in other words, detection and response together constitute today the minimal functionality expected from any cybersecurity system, no matter the size, no matter the architecture, no matter the cost, becoming the first but not the last set of features demanded by the public and followed almost religiously by all cybersecurity vendors.
It is no surprise that many solutions with the “DR” suffix suddenly appeared, for example: EDR, for endpoint detection and response; NDR, for network detection and response; MDR, for managed detection and response; and so on.
It is quite evident that these solutions have an implicit component that allows them to be useful, practical, and deployable in a large variety of cybersecurity environments, devices, and locations. That component is very important for delivering on data-sheet promises and is nothing less than “Automation”.
Here is our proposal: to name all these technologies under the umbrella of the less confusing acronym “ADR”, for automated detection and response systems.
If some analysts find this term too simple to catch the attention of the acronym chasers, it would be predictable to see some variations of “ADR”, starting with aiADR, NADR, and EADR, with the prefixes standing for artificial intelligence, network, and endpoints respectively.
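As an added example (not code from the article or any vendor), a minimal “ADR” cycle in Python: detection runs over constructed auth log lines and the response fires with no human trigger, but stays inside programmed parameters (a failure threshold, a time window, and an allowlist). The log format, the parameter values, and the blocklist as the enforcement point are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the article), in an sshd-like format.
SAMPLE_LOG = """\
2023-03-01T10:00:01 sshd: Failed password for admin from 198.51.100.7
2023-03-01T10:00:03 sshd: Failed password for root from 198.51.100.7
2023-03-01T10:00:04 sshd: Accepted password for alice from 203.0.113.5
2023-03-01T10:00:06 sshd: Failed password for admin from 198.51.100.7
2023-03-01T10:00:09 sshd: Failed password for admin from 198.51.100.7
2023-03-01T10:05:00 sshd: Failed password for bob from 192.0.2.9
"""
LINE_RE = re.compile(r"^(\S+) sshd: Failed password for (\S+) from (\S+)$")

# Programmed parameters that bound the automated response (assumed values).
THRESHOLD = 4                # failures from one source inside WINDOW trigger a block
WINDOW = timedelta(seconds=60)
ALLOWLIST = {"203.0.113.5"}  # constructed: sources the automation must never block

def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Detection: sources with >= threshold failures inside a sliding time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, _user, src = m.groups()
        events[src].append(datetime.fromisoformat(ts))
    flagged = []
    for src, times in events.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(src)
                break
    return flagged

def respond(flagged, blocklist, allowlist=ALLOWLIST):
    """Response: block flagged sources with no human in the loop, bounded by the allowlist."""
    actions = []
    for src in flagged:
        if src in allowlist or src in blocklist:
            actions.append((src, "skipped"))
            continue
        blocklist.add(src)  # hypothetical enforcement point (firewall or EDR API call)
        actions.append((src, "blocked"))
    return actions
```

Running `respond(detect(SAMPLE_LOG), set())` blocks 198.51.100.7 only; the single failure from 192.0.2.9 stays below the programmed threshold, and the allowlisted source is never touched.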
Conclusions
As we witness the evolution of cybersecurity, reaching not only big companies but also small organizations and individuals, or even kids, it is necessary to prepare for a cyberwar that will make many science fiction predictions real and will happen without the intervention of human beings, because the speed of the battles will be measured in nanoseconds, well below our reflective response triggers and mechanical reactions.
About the author
Luis Guembes Saba
Senior Cybersecurity and Networking Consultant