[BreachExchange] Cyber Talk: What You Don't Know Will Hurt You

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 5 20:12:45 EDT 2017


https://www.scmagazine.com/cyber-talk-what-you-dont-know-will-hurt-you/article/685085/

It's not easy for an organization to defend against the frequency,
sophistication and wide range of attackers seeking to compromise a network,
obtain intellectual property or bring business operations to a halt.

And all too often, we see executive teams resort to buying a broad range of
solutions as the answer to growing cyber threats, believing that the more
technologies they layer in, the safer their networks will become. But this
isn't necessarily true – hackers are continuing to evolve tactics, getting
faster and arguably more “clever” with their techniques, enabling them to
bypass traditional prevention solutions such as antivirus (AV). It's become
clear that there's still too much that most executive teams don't know
about how to architect their strategy for success. And when it comes to
cybersecurity, what you don't know will hurt you.

To properly safeguard networks, executives need to have insight into
today's cyber landscape, from the evolution of threats to what is needed to
protect their specific line of business. Taking a step back, we must first
understand how threats are detected by conventional technologies.

Most security solutions rely on identifying signatures and known threats,
or Indicators of Compromise (IoCs). The problem with tracking IoCs is that
they don't capture new obfuscation methods and the majority of today's
attacks, which are malware-free intrusions. New exploits, signatures or
versions of malware can be crafted and deployed within minutes. We've seen
this ring true with ransomware. Its highly profitable nature motivates
adversaries to craft new variants that can circumvent the traditional
prevention technologies many businesses rely on. But there are certain
approaches organizations can take, and capabilities they can adopt, to keep
up with these changing tactics.

The key to a strong defense is taking a proactive approach to
cybersecurity. Proactive security focuses on a few key elements, including
using artificial intelligence as well as behavioral analytics or Indicators
of Attack (IoA) based prevention. Unlike IoCs, IoAs identify adversary
behavior indicating malicious activity, such as code execution or lateral
movement. By detecting an attack at various stages of the kill chain,
organizations can prevent, detect and respond before damage is done. Any
large organization will have an incident. The key is to ensure that an
incident doesn't turn into a breach.

While we could speak at greater length to the power these capabilities
provide an organization, we'll go through a quick overview:

●     Machine learning analyzes security-related data, including file
“features” and behavioral indicators over a massive data set. Oftentimes
billions of events can be used to “train” the system to detect unknown and
never-before-seen attacks based upon past behaviors. If machine learning
algorithms are trained with data-rich sources, and augmented with
behavioral analytics, they can be an extremely effective first line of
defense against modern threats like ransomware.

●     Threat intelligence provides actionable insight into the risks
businesses face, enabling organizations to build a more resilient and
strategic defense. What's important to remember is that threat intelligence
should help you prioritize what attacks may have the most impact on your
business. For example, a piece of commodity malware will have a much
different level of priority and response than a targeted attack from a
nation-state actor. Intelligence isn't necessarily about going after a
group or individual; rather, it is focused on understanding the adversaries'
attack methods and what sort of impact they might have on your business.

●     And “human enforcers,” also known as managed hunting teams, are a
team of cyber experts proactively patrolling a business's network for any
anomalies, providing an extra layer of human protection that augments and
enhances automated detection capabilities.

The fact that many executives remain solely reliant on technologies like AV
and haven't yet integrated technologies that provide better prevention and
visibility is indeed concerning. But the truth is, whether a small
business or a Fortune 100 enterprise, proactive security can be critical
for protecting intellectual property, guarding core systems, and ensuring
your critical business process doesn't get interrupted. Today's
organizations must look at security and business resiliency with the same
lens. In too many cases, cybersecurity risk has not been adequately
translated into terms a board can understand, but given the impact of
NotPetya, WannaCry, and other malicious attacks, security must become a
board-level concern. Only then will organizations truly know its impact on
risk management, customer retention, and brand reputation.
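
Added example (not part of the original article or of any product it alludes to): a minimal contrast between IoC matching on file hashes and IoA matching on process behavior, as the article describes them. The events, file contents, process lists and rule wording are all constructed assumptions for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; no real samples or hashes.
VARIANT_1 = b"constructed-sample-build-1"
VARIANT_2 = b"constructed-sample-build-2"      # same behavior, new hash
SCRIPT_HOST = b"constructed-legitimate-script-host"

# IoC feed: only the variant that has already been seen and published.
KNOWN_BAD = {sha256(VARIANT_1)}

# Hypothetical process lists used by the behavioral rules below.
OFFICE = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cmd.exe"}

# Constructed process-creation events: parent name, child path, child hash.
EVENTS = [
    {"id": 1, "parent": "explorer.exe",
     "child": r"C:\Program Files\Office\winword.exe",
     "hash": sha256(b"constructed-office-binary")},
    {"id": 2, "parent": "winword.exe",
     "child": r"C:\Users\a\AppData\Local\Temp\inv.exe",
     "hash": sha256(VARIANT_1)},
    {"id": 3, "parent": "winword.exe",
     "child": r"C:\Users\a\AppData\Local\Temp\inv.exe",
     "hash": sha256(VARIANT_2)},
    {"id": 4, "parent": "winword.exe",
     "child": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "hash": sha256(SCRIPT_HOST)},
]

def ioc_match(event) -> bool:
    """Signature-style check: is the file a known-bad artifact?"""
    return event["hash"] in KNOWN_BAD

def ioa_match(event):
    """Behavior-style check: what is happening, regardless of which file."""
    parent = event["parent"].lower()
    child = event["child"].lower()
    name = child.rsplit("\\", 1)[-1]
    if parent in OFFICE and name in SCRIPT_HOSTS:
        return "office app spawned script host"
    if parent in OFFICE and "\\appdata\\local\\temp\\" in child:
        return "office app ran binary from temp dir"
    return None

def triage(events):
    return [(e["id"], ioc_match(e), ioa_match(e)) for e in events]
```

Event 3 (a repacked variant) and event 4 (a malware-free chain using a legitimate binary) both pass the hash check but are flagged by the behavioral rules; event 1 is benign under both.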