Covid-19 has changed life for all of us. Companies across all verticals are deeply affected as they are trying to reshape how they engage with their customers, deliver their services and conduct business. This is the new normal and it is here to stay.
One of the crucial aspects of running a modern business is to protect the digital assets. Businesses must have their IT infrastructure, data, applications and communications completely secure. However, this is where the pandemic has brought in new challenges. While healthcare providers and first responders are heroically fighting the pandemic, there are bad actors who have ratcheted up their efforts to take advantage of this vulnerable situation. The attack surface has now expanded from your corporate networks to your home networks, and the attackers know it.
Recent data has not only shown a dramatic increase in cyberattacks, but these bad actors have also changed their tactics to be more effective. TrendMicro reported on new Covid-19 related threats in Q1 2020, Covid-19 inspired Phishing emails, New Covid-19 malwares. and Covid-19 themed websites. A recent WSJ report talks about how ‘Hackers Change Ransomware Tactics to Exploit Coronavirus Crisis’.
It is clear that these attackers will continue to evolve and adapt to exploit the situation. Hence, it becomes crucial to ask the question: How are the defenders evolving their techniques? Where is the quantum leap in cyber defense that takes the fight back to these bad actors?
At Confluera we have reimagined cybersecurity on a few fundamental tenets, and we find them to be relevant more than ever.
Businesses are struggling to keep up with ever increasing zero-day, targeted, and social engineering attacks. Attackers are readily able to bypass security controls to get into the corporate environment. With rapid expansion of the remote workforce using insecure devices, unprotected home networks, unpatched security software, vulnerable remote access tools, readily available compromised credentials, and a large exposure to pandemic inspired social engineering campaigns, the situation is getting worse.
Businesses must assume that they are already breached, and it is all about early detection, and response to the attacker lurking in the network as fast as possible.
Inside Out Protection
Verizon’s DBIR pointed out that most data breaches originated from compromised end-users and endpoints. Although the attacks originate at the endpoints, as we see in all breaches, they are just the initial foothold and not the final target. Attackers continuously improve their foothold to discover the environment, escalate their privileges and move laterally to ultimately compromise the crown jewels.
Today there is a massive increase in threat exposure at the perimeter, but the fact remains that ultimately attackers are after the crown jewels and businesses must focus maniacally to protect the critical data and applications as their top priority. This calls for intense visibility at the core critical infrastructure and then extends the visibility outwards to other assets.
Beat the Enemy at Their Game
As the attackers continue improving their foothold and move deeper into the network (progress through the cyber kill chain), they act stealthily. They blend into the normal behavior of the environment, living off the land by using legitimate system tools and often carrying out campaigns for long periods to achieve their goals. They fundamentally take advantage of the inability of defense to keep track of their activities and movements during their progress. They do trip many wires but are still able to fly under the radar because these signals are lost in the noise of everything else that is going on. Point security solutions are not able to comprehensively build the attack story as it unfolds.
Businesses who are focused on protecting their critical infrastructure must evolve to equip their security teams with the ability to track the attacker moving towards the crown jewels. This revamped security capability will follow every step of the attacker, leaving them nowhere to hide and leading to interception of the attack before the damage.
Uncovering the attack story is fundamental to the detection and response, but in absence of an effective purpose-built technology it ends up being a reactive measure. It is carried out as a post-facto manual investigative effort by the security operations team on a case by case basis. At the scale and complexity of today’s IT environments, it not only is a huge burden on resources, but in absence of the necessary visibility these investigations are often inconclusive. Assistance offered by rule-based correlations, playbooks, and analytics have a limited scope and not good enough for detecting today’s sophisticated attackers. Today security teams themselves are remote and are under constant distractions presented by the new work-life paradigm, which brings additional challenges for the mission critical security operations.
In the new normal, as businesses are constantly facing the pressure to succeed with their customers, they are looking for ways to be more efficient in their operations and cut costs. Businesses must incorporate autonomous security capabilities to scrutinize their environments 24/7/365 and provide synthesized actionable information to the operators.
Confluera's Autonomous Detection and Response
Leveraging our Continuous Attack Graph Engine we are able to deploy our Autonomous Detection and Response technology to deterministically track and storyboard attacks in real-time as they unfold across the enterprise infrastructure. This brings you the ability to proactively intercept attacks instead of reactive investigations of individual detections. We help you by reducing the risk to your critical assets by detecting and responding to all attacks, simple to the stealthy, as quickly as possible, simplifying security operations, and improving the leverage of their existing spend on other security technologies.
As our commitment to the community, we are offering our platform 90 days free of cost. Please contact us to see a live demo and discuss how we can help your business.