Can you prevent the mega breach? asks Amol Kulkarni, Sr. Vice President, Engineering at CrowdStrike, an IT incident response product company.
The threat landscape is more complex and more dangerous than it has ever been. Where once hackers tended to operate individually, now organisations face much more sophisticated threats from organised eCriminal groups, hacktivists, and nation-state adversaries. The immense resources and know-how that these cybercriminals can deploy means that organisations need to update their approach to security. If they do not, then they will find themselves the victims of the next big breach, and could suffer the devastating reputational and financial consequences that follow a successful attack.
Traditional approaches to IT security are no longer enough in the face of these new, advanced threats. What’s more, many organisations are failing to understand the missing link in the continuous ‘people, process and technology’ conversation, which could make all the difference in the constant fight against hackers. By harnessing the power of the cloud, a variety of next-generation technologies, and threat intelligence, businesses can steer clear of the dreaded mega breach.
As organisations grow and become more distributed, adding more endpoints across the enterprise, sophisticated adversaries will continue to aggressively target their data and IT infrastructure. The cloud offers new means of providing pervasive protection throughout the enterprise – with lower cost and reduced management overhead while adding significantly increased performance, agility and scalability. In fact, cloud-based endpoint protection gives organisations the ability to monitor and learn from attackers as they test attack strategies, to apply crowdsourced threat protection and to receive seamless upgrades. The cloud enables better protection and offers a level of scalability and speed that on-premise solutions do not.
In today’s modern IT landscape, organisations need to look to next-gen solutions to combat modern threats effectively.
Replacing traditional, legacy antivirus (AV) technology with a more sophisticated approach that completely monitors your network is a key component of this. Traditional antivirus (AV) technologies rely on a signature-based approach and as such, can only identify known threats. All it takes for an attacker to circumvent these systems is to make a small tweak between signature updates for the malware to become “invisible.” With next-gen AV, more strains of malware and other threats become visible, so you can detect and stop these types of attacks instantly.
Traditional AV products fail to deliver the efficacy improvements required to protect organisations against modern threats. These products miss more advanced threats because they lack effective machine learning and behavioural detection capability. Traditional AV continues to have blind spots because its endpoint detection and response (EDR) features are immature and unintelligent. While these products are able to record and search events collected from endpoints, customers are then tasked with sifting through the sea of data to find meaningful security events. This process is painstakingly antiquated against modern, fast-moving threats. With next-generation technology, the opposite is the case, and you can pinpoint threats in an efficient manner for more complete protection and faster remediation.
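The contrast drawn in the last two paragraphs, as an added illustration that is not part of the original article or any CrowdStrike product: a hash signature matches only the exact sample it was built from and misses a one-byte variant, while a behavioural rule run over endpoint telemetry flags the process chain itself (Office application spawns a shell, the shell writes a Run key, then connects out). The samples, event records, process names, IP addresses and the rule are all constructed for the example.

```python
import hashlib

# Constructed stand-ins for two builds of one malware family: the second
# differs from the first by a single byte, as a trivial repack would.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"payload-build-A" + b"\x00" * 16
VARIANT_SAMPLE = b"MZ\x90\x00" + b"payload-build-B" + b"\x00" * 16

# A signature database as legacy AV ships it: hashes of samples already seen.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_detects(sample: bytes) -> bool:
    """Signature check: only a byte-for-byte known file matches."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB

# Constructed EDR telemetry: (pid, image, parent_image, event_type, detail).
# Either build produces the same chain when run (pid 100); pid 300 is a user
# launching PowerShell from Explorer and is benign noise.
TELEMETRY = [
    (100, "powershell.exe", "winword.exe", "process_start", ""),
    (100, "powershell.exe", "winword.exe", "registry_write",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (100, "powershell.exe", "winword.exe", "network_connect", "203.0.113.7:443"),
    (300, "powershell.exe", "explorer.exe", "process_start", ""),
    (300, "powershell.exe", "explorer.exe", "network_connect", "198.51.100.2:443"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}
STAGES = ("process_start", "registry_write", "network_connect")

def behaviour_detects(events) -> set:
    """Flag pids whose events complete, in order: an Office app spawning a
    shell, that shell writing a Run key, then the shell connecting out.
    The file's bytes never enter the decision, so a repack changes nothing."""
    progress, flagged = {}, set()
    for pid, image, parent, etype, detail in events:
        if image not in SHELLS or parent not in OFFICE_APPS:
            continue
        stage = progress.get(pid, 0)
        if stage >= len(STAGES) or etype != STAGES[stage]:
            continue
        if stage == 1 and "\\currentversion\\run\\" not in detail.lower():
            continue
        progress[pid] = stage + 1
        if progress[pid] == len(STAGES):
            flagged.add(pid)
    return flagged

if __name__ == "__main__":
    print("signature, build A:", signature_detects(KNOWN_SAMPLE))     # True
    print("signature, build B:", signature_detects(VARIANT_SAMPLE))   # False
    print("behaviour flags pids:", sorted(behaviour_detects(TELEMETRY)))  # [100]
```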
Organised cybercriminals today have many motivations to infiltrate their chosen targets – from financial gain to cyberwar and more. Traditionally, eCriminals and hacktivists implemented extortionist tactics to get precious data, but there has been an uptick in cyber espionage activity this year from nation-state threat actors in North Korea, Russia and China.
In the face of these diverse, highly motivated threats, it is no longer sufficient for organisations to take a reactive stance. Instead, organisations need to have a clear and comprehensive understanding of the different threats they face if they are to have any chance of defending against them effectively. Threat intelligence is therefore central to modern-day cyber risk mitigation, enabling organisations to anticipate and detect potential threats from across the entire web and thereby choose the right defensive approaches.
To protect revenue, customer and other stakeholder data, jobs, IP and shareholder value, organisations must invest in real-time threat intelligence, while developing a well-trained team that can monitor, capture and analyse threat data effectively. To get out of reactive mode and prevent breaches, businesses must take steps to prioritise actionable intelligence so that they can get ahead of the threats that could compromise their business.
Ultimately, steering clear of a breach comes down to two key points: speed of detection and efficacy. Being able to assess any intrusion and contain it immediately is the only way to future-proof your business. A combination of detection technologies and comprehensive strategy is critical to ensure that no matter where the bad guys move, or whatever new tactics they deploy, the business is well equipped to repel risk.