Aug 7, 2020

How to Fight Data Breaches Using NORAD’s Defense Model


The North American Aerospace Defense Command (NORAD) is charged with protecting North America from all kinds of threats in a massive world of movement – from ships and planes to missiles, rockets, spacecraft, and more. With NORAD successfully applying the Detect, Assess, Authorize, and Engage defense model for well over half a century, it begs the question – can their model be applied to the prevention of data breaches?

A key component to this strategy is collecting the information that feeds the Detect and Assess phases. They would not be nearly as effective at identifying threats if they were not able to analyze and understand what “normal” movement is, have comprehensive knowledge of historical threats, and be able to foresee emerging threats.

Essentially, NORAD’s task is to leverage what it knows about an enemy’s behavior in one part of the world so it can be prepared to defend other parts of the world. If its information is inadequate, it can easily fail at the Detect stage, which then makes moving to the other stages inconsequential.

 Applying the Detect and Assess stages to cybersecurity

Similar to NORAD, INTRUSION is also charged with defense. Like the defense of a geographical area, successful cybersecurity defense also relies on the amount, quality, and type of information you retain from across the globe – not just within the specific area you are trying to defend from data breaches.

Without a complete view of the space you are trying to defend, you will certainly fail at detection. Likewise, if you don’t have a holistic view of the world outside, you will not be adequately prepared to assess what enters – or leaves — your space.

But how do you gain visibility of everything coming in and out and acquire a complete picture of cyberspace in order to assess what threats may result in a data breach?

Step 1: Detect – Gathering information from cyberspace

First, it’s critical you have complete visibility to what is going in and out of your network. For instance, INTRUSION uses a patented sensor device to constantly collect network traffic for inspection.

Second, in a world of 5 billion IP addresses, finding approve and block lists that will give you the information you need is definitely a case of where size matters. This is why INTRUSION maintains a full inventory of every IP address, server, host, attacker, and country. With a Block List of over 2.7 billion and an Approve List of over 2 billion IP addresses, we offer the most comprehensive look at what is going on in cyberspace.

With IP addresses in the billions and data records well into the trillions, you still need a way to process all this information. And how can you efficiently assess the information at a speed that matches how quickly it changes?

Step Two: Assess – bringing science into decision making

Artificial Intelligence (AI) is the only answer. Though it is only as good as the rules it’s built on and the data it’s fed, AI is unmatched in its ability to calculate and compare data even in high volumes. In the dynamic world of cyberspace, it’s imperative that you have AI on your side – particularly with rules written from almost four decades of threat hunting and analysis by those facing the most challenging security environments in the world.

Of course, just shining the light on a threat doesn’t make it go away. How do you then address the cyber threats you find in order to prevent data breaches?

Step Three: Authorize & Engage – Activating threat and intrusion protection

All too often when a machine or network is compromised, “scrubbing” is initiated. This is a very disruptive process and almost always leads to loss of productivity. It also takes time. When you are facing a potential data breach, the last thing you want to do is be slow to react. This also may be a futile effort if your machine is immediately infected, yet again. That’s why it is vitally important to be constantly neutralizing threats in real-time.

You need a solution immediately shuts down any attempt in communication by the threat, without requiring engagement from your personnel or disruption to your daily business activities.

INTRUSION does this by…

Overall, INTRUSION uses this same Detect, Assess, Authorize, and Engage strategy to keep your business and information safe, matching some of the best defense models in the world. It goes beyond other data breach prevention models to collect and analyze data in a way that allows for quick action.

Make sure your business is protected with decades of experience in cybersecurity. We have the watch for your network’s security.

Learn more about INTRUSION Shield.

Ready to get protected?

INTRUSION Shield is inexpensive enough to be affordable to every business, large or small. For a small fee per seat, per month – with no annual contract and no hardware to buy – you can get immediate protection.

Get your free report

Simply enter your URL and get a detailed report emailed to you.