Advanced threat detection – Adapting to change
Published: Jul 21, 2017
There’s no shortage of inspiring quotes echoing timeless truths. Take for example Charles Darwin who once said, “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change.” Applying the essence of this truth to organizations defending against today’s risk landscape underscores a reality all too damning for those who aren’t able to keep up. The obfuscation of attacks has evolved while the more popular adopted approaches to identifying them don’t prove to be completely effective. The widening innovation gap between hackers creating advanced threats and the security practitioners’ ability to detect them has been growing exponentially. If you can’t “see” an attack, how can you stop an attack? Leveraging yesteryear’s strategies and technologies have proven one thing: by themselves, they’re ineffective in stopping today’s advanced threats. Close inspection of every organization having sustained abreach in 2013 would invariably disclose that their environment already had a firewall and/or an IDS in place. Even worse, they’re likely to have been “compliant” to numerous regulatory standards while executing upon a mid to high adoption rate of security technologies and tools leading them to believe they were secure enough. But, the attacks still happened. The breaches still occurred. This simple post mortem analysis screams one thing for sure: today’s advanced threats are complex, hidden and aiming to be two to five steps ahead of the technology in place to detect them. This is a game of chess, not checkers. A smart hacker looking to get to your data is likely to foolproof the attack by making it impervious to many popular, tool based detection methods. Odds are good to great that today’s advanced attacks can pass through the firewall, AV, IDS, etc. and go unnoticed. This confirms what we already know. Attackers are definitely getting better at what they’re doing. The good news is - so is Verizon. As part of the leading edge Verizon Cyber Intelligence Center (VCIC), continuous, innovative efforts have been underway to get smarter and ahead of advanced threats. That sounds great on paper, but what is Verizon really doing on the ground? Verizon’s approach within VCIC includes, (but isn’t limited to), the following cyber intelligence collection points for global enterprise organizations:
- Producing security intelligence by consuming, analyzing and correlating numerous data points, (e.g. Verizon’s DBIR dataset pulling from over 70,000 security incidents, advanced threat management and big data tools, etc.).
- Learning advanced attack behaviors early to break the attack chain sooner.
- Identifying malware behavior to profile similar activity within customers’ networks.
- Scrutinizing IP reputations globally to find and prevent communications with known bad “talkers”, Command and Control servers, etc.
- Embedding an IOC (Indicators of Compromise) database stemming from various sources to flag and fortify against signature-less attacks.
- Expanding upon Verizon’s advanced detection methodologies leveraging hundreds of millions of incidents.
Let’s not kid ourselves here…the one dimensional approach to stopping advanced threats with point solutions alone isn’t getting it done today nor will it going into tomorrow. We need to get moving forward on preparing for the attacks we can’t see by recognizing their behaviors and responding to their attempts at compromise before days, weeks or months go by and moredamage gets done. Getting back to Darwin’s wisdom, we’re reminded it’s not the biggest, “baddest” and smartest security technology that has the stopping power for today’s threats. Instead, it’s the ability to adapt our security strategy to keep up with detecting the change in the advanced threat landscape that will have the highest likelihood of success in mitigating against it. Regardless of the industry or size of organization, the following recommendations are ubiquitous in getting better armed against advanced threats:
- Re-analyze your security strategy, technologies and security intelligence in the face of today’s evolving threat landscape.
- Research what’s working versus what’s not in the ongoing fight against advanced cyber threats.
- Leverage Verizon’s advanced threat analysis and detection capabilities fueled by the Verizon Cyber Intelligence Center to prevent the proliferation of advanced threats within your environment.