Hackers like launching DDoS attacks: they help distract a firm from noticing the other attacks being carried out at the same time. We look at why an integrated approach to security is necessary to fight today's threats, writes David Venable, VP of Cyber Security at Masergy, the networks and IT security product company.
The long-tail impacts of cyber breaches are many. Once inside a company's network, hackers can gain persistence by installing backdoors and rootkits across several systems. From there, they can expand access across internal resources and eventually exfiltrate data. The Ponemon Institute is a good source of research on the types, frequency and cost of these breaches.
Attack delivery tends to happen quickly in the cyber kill chain, whose stages are reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions on objectives. During the command and control phase, malware is installed and covert network channels are established to evade detection. The software roams the network looking for targets from which to exfiltrate data, or for yet more targets.
How can joined-up security protect an organisation? The world of cyber security is an asymmetric battleground. The attack surface is growing as a result of the growing number of connected devices, malicious apps, the Internet of Things, cloud services and the digitisation of business functions.
Joined-up security combines the best of machine intelligence and human intelligence to deliver superior threat prediction, detection and response. With systems such as APT management, intrusion detection and prevention, network behavioural analysis and integrated vulnerability management, a strong solution will protect against even the most advanced persistent threats. Managed security solutions deliver this same combination of machine and human intelligence.
Joined-up security means integrating areas such as facilities management and cyber security under one overall leadership, which helps to close some of the security gaps that are being exploited. Organisations therefore need a comprehensive security strategy that shares and correlates massive amounts of data over long periods of time, identifying stealthy reconnaissance activity and stopping data exfiltration.
What security issues should organisations be aware of in the next 12 to 18 months?
Rapid detection and response
Organisations are increasingly focusing on detection and response because a purely preventive approach has not succeeded in blocking malicious attacks. During the command and control phase of the kill chain, malware is installed and covert network channels are established to evade detection, and the software then roams the network looking for targets from which to exfiltrate data, or for yet more targets. This period presents an opportunity for rapid detection and response to shut these activities down.
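As an added illustration of the network behavioural analysis this section calls for (example code, not from the article or from Masergy), the following Python detector flags outbound connections that recur at near-constant intervals, the beaconing pattern typical of covert command-and-control channels. The hosts, addresses and log format are constructed for the example; the thresholds are assumptions to tune against your own traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound connection records: "timestamp src dst dport bytes".
# 10.0.0.5 checks in every ~60 s (beacon-like); 10.0.0.7 shows irregular, human-like traffic.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 203.0.113.10 443 612
2024-03-01T09:01:00 10.0.0.5 203.0.113.10 443 598
2024-03-01T09:02:01 10.0.0.5 203.0.113.10 443 605
2024-03-01T09:03:00 10.0.0.5 203.0.113.10 443 611
2024-03-01T09:04:00 10.0.0.5 203.0.113.10 443 600
2024-03-01T09:05:01 10.0.0.5 203.0.113.10 443 607
2024-03-01T09:00:12 10.0.0.7 198.51.100.20 443 9120
2024-03-01T09:07:48 10.0.0.7 198.51.100.20 443 1540
2024-03-01T09:31:05 10.0.0.7 198.51.100.20 443 22100
2024-03-01T09:44:19 10.0.0.7 198.51.100.20 443 3300
2024-03-01T10:15:02 10.0.0.7 198.51.100.20 443 720
2024-03-01T10:16:40 10.0.0.7 198.51.100.20 443 4100
"""

def parse_log(text):
    """Group records by (src, dst) and return each pair's sorted connection times."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _dport, _nbytes = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    for stamps in flows.values():
        stamps.sort()
    return flows

def find_beacons(flows, min_events=5, max_cv=0.1):
    """Return (src, dst, mean_interval_seconds) for pairs whose inter-connection
    intervals are nearly constant. A low coefficient of variation (stdev / mean)
    over enough events is the classic signature of an automated check-in rather
    than human browsing; min_events and max_cv are assumed thresholds."""
    beacons = []
    for (src, dst), stamps in flows.items():
        if len(stamps) < min_events:
            continue
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(intervals)
        cv = statistics.pstdev(intervals) / mean if mean else float("inf")
        if cv <= max_cv:
            beacons.append((src, dst, round(mean, 1)))
    return beacons

if __name__ == "__main__":
    for src, dst, period in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

A hit is a lead for investigation, not proof of compromise: legitimate agents (update checkers, monitoring) beacon too, so correlate flagged pairs with destination reputation and process data before responding.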
Memory-resident malware unabated
Memory-resident malware loads its malicious code into the memory space of either a legitimate process or file. The code stays there until it is triggered. That is bad enough. But memory-resident malware can also be used to trigger zero-day attacks, in which hackers exploit vulnerabilities that have not yet been publicly reported, making them almost impossible to prevent. To be sure, there is a very easy way to wipe out this type of malware: simply reboot the infected system. But with most PCs far more stable than they used to be, people run their machines for longer using sleep mode, saving reboots for system updates, which gives these infections more time to do their worst.
Companies are planning to spend more on managed detection and response (MDR) because attackers are still getting in, and the goal is to catch them before they can do much damage. However, the average dwell time, the number of days between when a compromise is detected and when it is mitigated, is around 200 days, and close to 70% of breaches are discovered by third parties. By 2020, 60% of enterprise IT security budgets will be allocated to MDR, up from less than 30% in 2016, according to Gartner.