Threat Intelligence Blog

Posted May 22, 2018

There’s no question that detecting and protecting against known cyber attacks is critical to safeguarding network infrastructure. But without the capability to adapt and evolve, this strategy is doomed to failure. Why, you might ask? While typical policy and mitigation approaches such as blocking domains, IP addresses, and ports with common network security devices are an effective first line of defense, the inability of these devices to dynamically adapt to the threat landscape means that they cannot deliver a complete cybersecurity solution set.

As cybersecurity teams and tools identify signatures, methods, and techniques, adversaries adjust their “game plan” to improve their chances of success. This creates an ever-changing cyber battlefield. A defensive, reactive strategy leads to constant searches for the area of compromise, followed by patches and damage repairs. A proactive approach actively seeks out areas of potential compromise, reduces the vulnerability, and adaptively engages with compromises in progress. Active engagement can include participation in a session and corruption of its data, network and host deception, micro-segmentation, and redirection, to name a few.

In addition to dynamic and evolving threat vectors, the point of network entry must be considered and included in a security solution. The mobile nature of today’s workforce ensures that network devices will commonly move between networks that are protected and networks that lack best security practices and mitigation capabilities. For example, in one day, you could use your corporate asset (mobile phone, computer, tablet, etc.) at a local coffee shop, then on a corporate enterprise network, and then on your home network. You might be able to control threats entering your corporate network, but what happens when an employee is breached outside of your perimeter and unknowingly brings that breach in?

While true ownership of that host allows for deploying and implementing security protection capabilities, this is not true for vendors or other third parties that typically connect to the corporate enterprise network. As your attack surface continues to grow, this third-party risk vector is one that needs to be included in the scope of the security protection profile. In the best cases, proactive monitoring of vendors, partners, and other third parties can drastically reduce this threat vector.

Sun Tzu’s “The Art of War” states that “Security against defeat implies defensive tactics; ability to defeat the enemy means taking the offensive.” As network security professionals, we must apply the best methods and techniques to protect connected enterprise assets. Leveraging platforms and mitigation applications that adapt and evolve – from blocking to disrupting to interacting – provides the greatest opportunity for success.
