It is common for any experienced person working in cybersecurity today to be asked by
newcomers how they might break into the field. This is an especially popular question for
undergraduates studying computer science who are attracted to hacking, cryptography, data security, and other technical aspects of the discipline, and who suspect that these might serve as a good basis for planning a new career.
My own response to these types of questions is that the student or newcomer should focus on
learning networking. The TCP/IP and related protocol suites used across business, government,
and infrastructure today serve as the lingua franca for both offensive attacks and defensive
measures. To properly understand cybersecurity, one must understand networking—and there
is no shortcut.
Networks and Cybersecurity
To recognize this close bond between networks and cybersecurity, it helps to revisit the
original conceptual model of security protection that was introduced many years ago by James
Anderson. His early work defined the still-applicable foundational purpose of all security
operations: namely, to provide policy-based enforcement of access from some active entity to the
desired resource. This is the basis for all access controls in place today.
Modern security experts understand that access to resources is done over networks today,
without exception. As such, the playing field for all malicious hacks, resource defenses,
and other types of security controls is the network. It provides the infrastructure on which
all activity proceeds, and experts have come to recognize its central role both in providing
visibility into and coverage of target activity on the network and as a means for performing
live prevention, detection, and response.
Figure 1. Networks as a Playing Field for Malicious Activity
Network Security Approaches
The protection approach used to address network security risk will vary based on local
resources and the organizational mission. Most security solutions, however, tend to fall into
one or more aspects of the familiar NIST CSF functions, which include identification, protection,
detection, response, and recovery. Each of these security functions aligns well with some aspect
of the network security equation:
Network Identification. This task involves locating and organizing accurate information about the network assets to be protected. It is one of the most challenging aspects of network security given the diversity, complexity, and arrangement of most network infrastructure.
Network Protection. This task is preventive in nature and includes the selection and implementation of controls that help to avoid threats. The industry refers to this type of approach as a “shift left,” and it is especially attractive since avoidance of attacks is the most efficient means for addressing risk.
Network Detection. This task requires good visibility into the relevant network activity that can be used to make decisions about security. Encryption and other network controls, along with exploding network size and traffic volume, often make detection more difficult, but excellent means exist to monitor networks for evidence of attack. As we will see, the pioneering security start-up Cynamics is raising the bar even higher, from detection to prediction.
Network Response. This task involves taking immediate actions to minimize consequences while an attack is beginning or ongoing. The industry references this type of control as a “shift right,” and it recognizes the fact that, for most organizations, attacks will be inevitable and unavoidable. The question is thus how to minimize their impact and reduce harm.
Network Recovery. This is the task that follows a consequential network attack and requires the restoration of resources and services. Network recovery is a tough task, because restoration efforts might be hampered by damage to the very networks being recovered.
This blog series focuses on all aspects of NIST CSF tasking for networks, but primary attention is
given to network visibility. Our assertion is that this aspect of the security ecosystem is
the most essential and foundational aspect of protecting network resources, and that
developing a network blueprint might be one of the most important tasks the enterprise
security team completes to reduce cyber risk in a meaningful manner.
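The Network Identification and Network Detection tasks above, and the network blueprint idea in this paragraph, can be made concrete with a small worked example. The following Python is an added illustration written for this edit, not code from the TAG Cyber report or from Cynamics: it parses constructed NetFlow-style records into a per-host inventory (the blueprint), then compares a later batch of flows against that baseline and reports hosts, listening services, and peer relationships the baseline never saw. The CSV column layout, the 10.0.0.0/8 internal range, and all addresses are constructed assumptions.

```python
"""Network blueprint from flow records, and change detection against it.

Added example (not from the TAG Cyber report): constructed NetFlow-like
records are parsed into a per-host inventory (the "network blueprint"),
then a later batch of flows is compared against that baseline to surface
hosts, listening services and peer relationships the blueprint never saw.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass

# Address ranges treated as enterprise assets (constructed assumption).
INTERNAL_RANGES = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed baseline flows. Columns: src_ip,dst_ip,dst_port,proto,bytes
BASELINE_FLOWS = """\
10.0.1.20,10.0.2.10,443,tcp,5120
10.0.1.21,10.0.2.10,443,tcp,2048
10.0.1.20,10.0.2.11,53,udp,128
10.0.1.21,10.0.2.11,53,udp,96
10.0.2.10,10.0.2.12,5432,tcp,40960
"""

# Constructed later batch: one unknown host, one unexpected service on a
# known host, one new internal peer relationship, one new external peer.
NEW_FLOWS = """\
10.0.1.20,10.0.2.10,443,tcp,4096
10.0.1.22,10.0.2.11,53,udp,90
10.0.1.21,10.0.2.11,22,tcp,512
10.0.1.20,10.0.2.12,5432,tcp,1024
10.0.2.12,203.0.113.7,4444,tcp,65536
"""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def is_internal(ip: str) -> bool:
    """True when the address falls inside a range we treat as an asset."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_RANGES)


def parse_flows(text: str) -> list[Flow]:
    """Parse the CSV shape above; malformed rows are skipped, not trusted."""
    flows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue
        try:
            ipaddress.ip_address(row[0])
            ipaddress.ip_address(row[1])
            flows.append(Flow(row[0], row[1], int(row[2]), row[3].lower(), int(row[4])))
        except ValueError:
            continue
    return flows


def build_blueprint(flows: list[Flow]) -> dict:
    """Per internal host: the services it served and the peers it initiated to."""
    bp: dict = {}
    for f in flows:
        for ip in (f.src, f.dst):
            if is_internal(ip):
                bp.setdefault(ip, {"serves": set(), "talks_to": set()})
        if is_internal(f.dst):
            bp[f.dst]["serves"].add((f.dport, f.proto))
        if is_internal(f.src):
            bp[f.src]["talks_to"].add(f.dst)
    return bp


def find_deviations(bp: dict, flows: list[Flow]) -> list[tuple]:
    """Compare new flows with the blueprint; return sorted (kind, host, detail)."""
    findings = set()
    for f in flows:
        src_known, dst_known = f.src in bp, f.dst in bp
        if is_internal(f.src) and not src_known:
            findings.add(("new-host", f.src, "first seen as source"))
        if is_internal(f.dst) and not dst_known:
            findings.add(("new-host", f.dst, "first seen as destination"))
        if dst_known and (f.dport, f.proto) not in bp[f.dst]["serves"]:
            findings.add(("new-service", f.dst, f"{f.dport}/{f.proto}"))
        if src_known and f.dst not in bp[f.src]["talks_to"]:
            scope = "internal" if is_internal(f.dst) else "external"
            findings.add(("new-peer", f.src, f"{f.dst} ({scope})"))
    return sorted(findings)


if __name__ == "__main__":
    blueprint = build_blueprint(parse_flows(BASELINE_FLOWS))
    for host, info in sorted(blueprint.items()):
        print(host, "serves", sorted(info["serves"]), "talks to", sorted(info["talks_to"]))
    for kind, host, detail in find_deviations(blueprint, parse_flows(NEW_FLOWS)):
        print(f"{kind:12} {host:14} {detail}")
```

The blueprint records only what the flows actually showed, which is the point of the identification task: an inventory built from observed traffic rather than from a spreadsheet. Each deviation is a visibility finding, not a verdict; a new host or an unexpected listening port is exactly the kind of change a security team wants surfaced early so it can be confirmed as sanctioned or investigated.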
About TAG Cyber
TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights
and recommendations to security solution providers and Fortune 100 enterprises. Founded in
2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-
for-play research by offering in-depth research, market analysis, consulting, and personalized
content based on hundreds of engagements with clients and non-clients alike—all from a
former practitioner perspective.
Copyright © 2022 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written
permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as
consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report
are disclaimed herein.
Dr. Edward Amoroso
TAG Cyber, CEO
September 21, 2022