“Known Good” or “Known Bad”: Choosing a Starting Point for OT Cybersecurity
2023-11-30 01:39:32 Author: securityboulevard.com


One way to characterize a cybersecurity strategy is by whether it takes action based on the definition of “known good” activity or “known bad” activity.

The “known bad” approach attempts to identify threats by monitoring activity (network requests, user actions, application behavior, etc.) and watching for anything that matches a predefined set of malicious or unsafe actions.

The “known good” approach starts by defining the expected behavior of users, devices, and applications, and treating any deviation from normal as a potential threat.

Any effective cybersecurity strategy will incorporate elements of both approaches. But when implementing policies (for example, policies that define when to generate alerts or block activity), organizations usually need to choose whether they are taking action based on “known good” or “known bad” activity.

In most cases, especially in OT and ICS environments, the “known good” approach to cybersecurity is actually simpler to implement and more effective at protecting critical systems.
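
The two policy styles described above, as an added example that is not part of the original post: the same traffic is evaluated once against a "known bad" denylist and once against a "known good" baseline. The addresses, rules, and sample flows are constructed for illustration, and the cell is assumed to speak Modbus/TCP (port 502, function codes 3 for read holding registers and 16 for write multiple registers).

```python
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    src: str
    dst: str
    port: int
    func: Optional[int] = None  # Modbus function code, when the flow is Modbus/TCP

# Constructed "known bad" rules: a denylisted source and a denylisted service.
BAD_SOURCES = {"203.0.113.50"}
BAD_PORTS = {23}  # Telnet

# Constructed "known good" baseline: the only conversations this cell expects.
BASELINE = {
    Flow("10.0.1.10", "10.0.2.20", 502, 3),   # HMI reads holding registers
    Flow("10.0.1.11", "10.0.2.20", 502, 16),  # engineering station writes registers
}

def known_bad_alert(flow: Flow) -> bool:
    """Alert only when the flow matches a predefined bad pattern."""
    return flow.src in BAD_SOURCES or flow.port in BAD_PORTS

def known_good_alert(flow: Flow) -> bool:
    """Alert on any flow that is not part of the expected baseline."""
    return flow not in BASELINE

def only_baseline_catches(flows):
    """Flows the denylist lets through but the baseline flags."""
    return [f for f in flows if known_good_alert(f) and not known_bad_alert(f)]

# Constructed sample traffic.
SAMPLE = [
    Flow("10.0.1.10", "10.0.2.20", 502, 3),     # expected poll
    Flow("203.0.113.50", "10.0.2.20", 502, 3),  # denylisted source
    Flow("10.0.1.10", "10.0.2.20", 23),         # Telnet to the PLC
    Flow("10.0.1.10", "10.0.2.20", 502, 16),    # HMI writing: new behaviour
    Flow("10.0.1.99", "10.0.2.20", 502, 3),     # unknown host polling the PLC
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f, "known-bad:", known_bad_alert(f), "known-good:", known_good_alert(f))
```

The last two sample flows match no denylist rule, so only the baseline policy alerts on them; the baseline itself stays two entries long because the expected conversations in the cell are few and fixed.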


*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Mission Secure. Read the original post at: https://www.missionsecure.com/blog/known-good-or-known-bad-choosing-a-starting-point-for-ot-cybersecurity


Article source: https://securityboulevard.com/2023/11/known-good-or-known-bad-choosing-a-starting-point-for-ot-cybersecurity/