We modeled the Cybersecurity Canon after the National Baseball Hall of Fame and the Rock & Roll Hall of Fame – but for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to significantly increase the number. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book review by Cybersecurity Canon committee member Ben Rothke, “Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies,” Syngress 2016, by Ira Winkler and Araceli Treu Gomes
Advanced persistent threats (APT) have been given a significant amount of press over the last few years. When I first scanned the title of this book, I assumed it was on that topic. While “Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies” does detail APTs, that’s not the main focus of the book.
One of the reasons people are turned off by information security is the plethora of security buzzwords. At the recent RSA 2017 conference, one’s ear could get sore from the repetition of the year’s buzzwords: machine learning and artificial intelligence.
Going back a year or so, the buzzword was advanced persistent threat (APT). When I got a copy of the book mentioned above, I thought at first: not again.
Authors Ira Winkler and Araceli Treu Gomes have enough experience that they don’t have to rely on buzzwords. The book’s notion of advanced persistent security means ensuring that security is built into every aspect of a system. This goes from endpoint to server and covers everything in between.
The point the authors reiterate is that defense in depth (almost a buzzword) is required for serious information security controls. One can’t rely on a security appliance or one security administrator to do it all.
The book is pretty much an advanced introduction to a security guide. Their premise may not be so earth-shattering, but the massive number of security breaches and indicators proves that far too many firms didn’t get the memo about building secure systems.
Many organizations have purchased unified threat management (UTM) devices that were meant to be a single, all-inclusive security appliance. Too many of them thought that security meant having the device in their data center and not having to do anything else. This is the perfect book for such people, as Winkler and Gomes show that effective information security requires a lot more than a single expensive appliance.
The authors write that a more appropriate title for the book would have been Adaptive Persistent Security, since the goal is that information security systems must be proactive in nature and design – which is no trivial point. The authors propose methods for more adaptive and comprehensive approaches to information security.
A somewhat contrarian (albeit pragmatic) approach the authors take is that failure is an integral part of information security. No one can build a system that won’t fail. Rather the systems should be resilient enough when failure does occur – and it eventually will. The advanced persistent security methodology they propose means that a security program should proactively adapt to the failures of protection such that any loss is minimized.
The authors admit that the book does not provide any technological breakthroughs. Rather they provide advanced methods for implementing already available technologies.
At 230 pages, what the book lacks in depth, it makes up for in its tactics for effective information security. For those looking for a methodology to create a more robust information security program, Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies is a valuable resource and a welcome addition to the Canon.