May 19, 2024

Beneficial Aspects Of Adaptive Risk and Trust Assessment

One of the first CARTA imperatives is to move away from a one-time, yes/no risk decision at your main gate (managed by a static authentication and authorization process) to a continuous, real-time, adaptive risk analysis using situational information. This is what enables the preventative, detective and reactive security controls of ABAC.

Adaptive Policy Solution

Adaptive security solutions continuously vet events, users, systems and network traffic to detect suspicious activity and quickly respond to threats. This helps to reduce the attack surface and protects against zero-day attacks, insider threats and other risks deriving from compromised credentials. In contrast to traditional block/allow security solutions, adaptive security enables context-based decisions that can recognize threats based on their methods and behavior, rather than just examining log files or monitoring checkpoints. The nature of cyber attacks is changing rapidly and businesses must move full speed ahead to remain competitive. Rapid innovation, employee mobility, IoT devices, cloud services and remote work are opening new opportunities but also introduce a range of new risks. This requires that security experts embrace a continuous approach to security known as CARTA: Continuous Adaptive Risk and Trust Assessment.

To meet the requirements of zero trust, the identity and context of a user must be evaluated after authentication and access is granted. This is the only way to prevent breaches and stop attacks attempting to bypass established policies. Unlike traditional security architecture that tries to identify an attack in advance by analyzing data, adaptive security solutions use heuristics and machine learning to understand patterns and behaviors. This can close many entry points used by attackers to infiltrate networks and systems, including identifying malicious software. Adaptive security can also provide alerts and actions that are automatically triggered to quickly contain or stop ongoing attacks, such as preventing a cyberattack from spreading.

Adaptive Assessment

Adaptive risk and trust assessment is the process of administering questions that vary in difficulty and content based on student performance. The adaptive test system uses a large bank of questions and computer algorithms to select the next question based on the student’s answers. The system also updates the estimated student knowledge level and item difficulty using the Elo rating algorithm. The system then generates a personalized practice test for each student, selecting 25 items about previously learned concepts and prioritizing those that the students are most likely to forget.

The adaptive assessment process allows teachers to identify learning gaps and target those areas of weakness. For example, a student may perform well on math problems, but struggle with word problems that require reading and comprehension skills. The adaptive assessment provides valuable insight to the teacher on where the student’s focus should be and offers a streamlined way to help them reach their full potential. Adaptive assessments are crucial to the success of zero trust implementations. They can reduce the number of false positives and allow you to detect attacks that other methods fail to spot, such as insider threats and later attacks. The SEI cybersecurity engineering assessment framework, CARTA, provides multiple adaptive methods that address lifecycle challenges on the zero trust journey.

Adaptive Response

Zero trust adoption is a cybersecurity engineering initiative that requires continuous risk assessment and management. This is the key to ensuring security posture aligns with business goals as hackers continue to proliferate and innovate. Traditional IT security solutions favor black and white decisions, essentially choosing whether to block or allow access to systems based on the potential for risk. This is not the case in today’s business environment with its rapid pace of innovation and change, requiring security that moves at the speed of digital business.

The first of Gartner’s CARTA Continuous Adaptive Trust imperatives recommends moving away from a one-time yes/no risk decision at the login gate (managed by RBAC) to a continuous, real-time, adaptive evaluation of user anomalies using context-aware information found in ABAC models. Adding ABAC to your existing role-based access control (RBAC) capabilities enables preventative, detective, and responsive controls at the business transaction and master data level. CARTA is built on the principle that all computing services, data sources, and users are considered resources and should be evaluated as such. As a result, it provides a foundation for more effective and efficient security measures that eliminate the gap between business needs and security requirements. For example, it supports the dynamic allocation of resources, such as cloud services and virtual machines, to ensure the best possible security posture in a given situation.
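The shift described above, from a one-time role check at login to per-transaction re-evaluation with context attributes, sketched as an added example (not part of the original article or any vendor's product). The roles, signal names, weights and thresholds are hypothetical.

```python
from dataclasses import dataclass

# Static RBAC layer: hypothetical roles and permissions.
ROLE_PERMISSIONS = {
    "ap_clerk": {"invoice:read", "invoice:create"},
    "ap_manager": {"invoice:read", "invoice:create", "vendor_bank:update"},
}
# Hypothetical risk weights for ABAC context signals; tune per environment.
RISK_WEIGHTS = {"off_hours": 10, "anomalous_volume": 25,
                "unmanaged_device": 30, "new_country": 35}
SENSITIVE_ACTIONS = {"vendor_bank:update"}  # master-data change

@dataclass(frozen=True)
class Event:
    role: str
    action: str
    signals: frozenset = frozenset()  # context observed for this transaction

def rbac_gate(event):
    """One-time yes/no check: does the role hold the permission?"""
    return event.action in ROLE_PERMISSIONS.get(event.role, set())

def adaptive_decision(event, session_risk=0):
    """Re-evaluate every transaction; return (decision, updated session risk)."""
    if not rbac_gate(event):
        return "deny", session_risk
    # Earlier risk decays by half per transaction, then new signals are added.
    risk = session_risk // 2 + sum(RISK_WEIGHTS.get(s, 0) for s in event.signals)
    step_up_at, deny_at = (25, 50) if event.action in SENSITIVE_ACTIONS else (40, 80)
    if risk >= deny_at:
        return "deny", risk
    return ("step_up" if risk >= step_up_at else "allow"), risk

def replay(events):
    """Feed one session's events through the evaluator, carrying risk forward."""
    risk, decisions = 0, []
    for event in events:
        decision, risk = adaptive_decision(event, risk)
        decisions.append(decision)
    return decisions

# Constructed session for one authenticated ap_manager (not real data).
SESSION = [
    Event("ap_manager", "invoice:read"),
    Event("ap_manager", "invoice:create", frozenset({"off_hours"})),
    Event("ap_manager", "vendor_bank:update", frozenset({"unmanaged_device"})),
    Event("ap_manager", "vendor_bank:update", frozenset({"unmanaged_device", "new_country"})),
    Event("ap_manager", "invoice:read"),
]
```

In the constructed session the static role check passes all five events, while the adaptive evaluator asks for step-up authentication on the third, denies the fourth, and still asks for step-up on the fifth because the session risk has not yet decayed.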

Adaptive Automation

Adaptive automation is becoming more commonplace with adaptive cruise control found in some high-end automobiles, smart home technologies that adjust lighting and heating to match user preferences, and medical devices that adapt to the needs of individual patients. It also includes the automated invocation of safety features such as the Ground Collision-Avoidance System (GCAS) developed for the F-16D fighter aircraft. Miller (2004) suggests that users ascribe expectations regarding human etiquette to systems they interact with, requiring the system to communicate plans and intentions in a manner that is familiar to the user. This is why many adaptive systems incorporate multimodal input/output methods that include displays, keyboards, and speech synthesis.

The ability to adapt based on context, free of the constraints of traditional block/allow security solutions, is an important benefit for businesses. This is especially true in today’s business environment, where employees frequently work outside the corporate firewall and with personal digital services that aren’t managed. Continuous Adaptive Trust, or CARTA, is a security framework that can help meet the challenges of this new reality. It allows for real-time monitoring and reevaluation of a user’s risk, even after they have been successfully authenticated. The framework can then adjust access controls to provide the optimum level of protection. Contact DSA to learn how implementing a Continuous Adaptive Trust strategy can deliver long-term financial and strategic benefits.
