Winning the Super Bowl of Security: An Offense-Informed Defensive Strategy

We always emphasize that cybersecurity is a team sport. As millions sit down to watch the Kansas City Chiefs and the San Francisco 49ers face off in Super Bowl LVIII on February 11 in Las Vegas, there are numerous parallels that can be drawn between their sport and ours.

A Super Bowl victory isn't solely determined by the team with the greatest number of athletes or the fastest players; rather, success hinges on the team with the most comprehensive strategy, a carefully designed playbook tailored to their opponent’s strengths and weaknesses, and an offense and defense who execute the game plan exceedingly well. In cybersecurity, where our adversaries often outnumber us, it becomes critical for us to prioritize a strategy and playbook that seamlessly integrates both offensive and defensive approaches.

Football is an inherently adversarial sport, and cybersecurity mirrors this dynamic – attackers perpetually take an offensive stance, attempting to infiltrate technology systems to achieve advancing levels of access and ultimately “score" information or control. In response, we must continually practice and play both defense and offense to mitigate risk, safeguard against potential breaches, and then respond accordingly when necessary.

Practice How You Play

Before game day, every winning team spends time strategizing, designing plays, practicing, and refining. Practice hard and the game is easy, or at least easier. Cybersecurity is no different. At Trustwave, from day one, our Cyber Advisory team guides clients on how to design their plays, building roadmaps to successfully improve their security postures.

Once those playbooks are in place, the Chertoff and Trustwave teams coach our clients. From building response plans, running tabletop exercises to creating specialized use cases, we prioritize proactive measures to address vulnerabilities and ensure our clients are ready with a well-orchestrated response to potential threats.

Just like a football team watches tape to understand the opponent, we rely on our SpiderLabs threat intelligence to analyze the tactics, techniques, and procedures (TTPs) employed by adversaries. This intelligence allows us to anticipate and counteract potential attacks effectively.

Put Me in Coach

Before, during, and after every game, team strategists and coaches perform deep analysis of capabilities and skill sets to build the right lineup. Similarly, The Chertoff Group plays a pivotal role in assessing and mapping capabilities.

The Chertoff Group helps organizations develop comprehensive offense-informed defense strategies and team hand-offs that provide direction and repeatability for safeguarding businesses from key cyber-related risks. The Chertoff Group’s approach leverages its expertise combined with the MITRE ATT&CK framework.

In both football and cybersecurity, resiliency is key to success. In the game of football, teams protect their most valuable players, and every Chertoff engagement begins with an understanding of high value assets. The best football teams also work to limit unforced errors, similar to Chertoff's focus on understanding the attack surface and ensuring that defenses are operating as intended. Likewise, just as teams expect their opponents’ tactics to evolve, Chertoff engagements assume that threat actors will continuously adapt their tactics, techniques, and procedures.

It’s Game Time

With playbooks in hand, it's time for teams to take the field. Football teams deploy their offense and defense during the game, and we implement a range of cybersecurity strategies to proactively protect and defend against threats in real time.

The Chertoff Group and Trustwave cybersecurity teams believe that while cyber risk can’t be eliminated completely, resilience can be achieved. Proactive identification and mitigation of vulnerabilities decreases the likelihood of successful attacks. And while cyberattacks are inevitable, you can minimize the likelihood of success and mitigate potential impact through preparation, rapid detection, and effective response capabilities.

Offensive Strategies

• Penetration Testing: Penetration testing proactively identifies known and unknown threats, vulnerabilities, and cybersecurity risks to client’s people, processes, and technology. This proactive approach allows clients to patch weak spots before malicious actors can exploit them.
• Red Team Exercises: Going beyond penetration testing, Trustwave red teaming simulates full-scale cyberattacks, providing a realistic assessment of a client’s readiness and response capabilities. This offensive play helps organizations understand their weaknesses and fine-tune their defensive strategies accordingly.
• Managed Vulnerability Scanning: Managed Vulnerability Scanning is a pragmatic, human-led service where our team of experts run vulnerability scans across network, application, and database, based on client needs and schedules.
• Advanced Continual Threat Hunting (ACTH): ACTH continuously looks for indicators of behavior and uncovers hidden threats to help our clients mitigate security risks.
• Resilience Operating Model: Our experts help clients develop cyber performance metrics and key performance indicators based on transparency, accuracy, and precision.
• Maturity Assessments: These assessments first document the business profile and its high value assets. Assess vulnerability and test readiness to prevent, detect and contain a cyberattack.
• C-Suite Exercises: Our team works with client leadership to stress test cyber crisis management roles and response plans before a breach occurs to ensure readiness and minimize downtime.

Defensive Strategies

• Managed Detection and Response (MDR): MDR is an industry-leading rapid threat detection and response service. Our experts identify, investigate, and eliminate cyber threats, mitigating risk to our clients. We leverage existing security tools and infrastructure to maximize returns and help our clients realize the full power of their investments.
• Co-Managed SOC: Co-Managed SOC helps organizations modernize their security operations and defend against cyber threats with 24x7 real-time threat monitoring, thorough investigation, and actionable incident response actions. The Cyber Success Team helps clients create and tune tailored use cases continuously, resulting in up to 90 percent reduction in alert fatigue by security staff and increased efficiency of the security operations team.
• DbProtect: DbProtect proactively prevents database breaches and goes beyond just meeting database compliance requirements with database assessment, risk visibility, continuous data protection, remediation guidance and active response capabilities for on-premises and cloud databases.
• Digital Forensics and Incident Response (DFIR): DFIR retainer services allow our clients to determine the source, cause, and extent of a security breach quickly, and to better prepare for the inevitable incident.

The Super Bowl might only happen once a year, but these teams have been preparing for 12 months or more! It’s the same in cybersecurity. Threat actors operate around the clock – dedicating their time and efforts to overcoming obstacles. In response, it’s imperative that organizations adopt a layered approach that integrates threat-informed offensive and defensive strategies.

It’s time to see which team’s strategic planning, practice, and execution translates into a winning edge.

David London is managing director of Cybersecurity Services at The Chertoff Group. Damian Archer is the vice president of SpiderLabs at Trustwave.