Anticipating Cyber Attacks

Cyber attacks, data breaches, and vulnerabilities are a mainstream problem. Since IT networks have become so much more complex, offering numerous places for a hacker to hide it means that cyber criminals can be hidden in IT networks, for days, weeks or months.  Attackers are typically able to roam around a breached environment for more than a year before being detected. 

With attackers spending so much time freely and anonymously navigating the IT environment, security teams need to shift their focus inside the network and implement tools that help detect cyber-attacks as early as possible in the  lifecycle of  a breach..

Recent analysis suggests it often takes organisations an average of 8 to 9 months to identify and contain a data breach. This gives hackers time to analyse data, infiltrating systems and steal what they see as valuable information. Sometime data breaches cannot be detected for years. In the 2018 Marriott International data breach, hackers were accessing the network for over four years before they were discovered, which resulted in the records of 339 million guests being exposed. 

The international hotel chain then suffered a second data breach this year after cyber criminals had been in the network for over one month, impacting approximately 5.2 million guests.

One the most common form of cyber crime is straightforward financial  theft. Cyber criminals aiming to steal money can  d infiltrate ATM networks, enabling transaction skimming from online banking systems. Or they can  threatening to lock up a computer unless a ransom is paid. Cyber criminals may be a single individual, but more likely complex networks of people spread around the world with multiple roles. 

It is now more important than ever for organisations to be able to analyse contextual data in order to make informed decisions regarding their network security policy. 

This is not possible without 24/7/365 Managed Detection and Response (MDR) tools for proactive threat hunting that uses event monitoring logs, automated use case data, contextual analysis, incident alerting and response and applying Tactics, Techniques and Procedures (TTPs) to identify issues that improve an organisation’s security posture.

When anticipating the unknown, cyber security analytics tools can capture data and detect evasive and malicious activity, wherever they are in the network in real-time. 

Creating detailed policies and properly enforcing them is one step security teams can take to proactively detect and remediate malicious activity immediately. With policy enforcement, attackers will have a hard time attempting to make lateral ‘east-west’ movements or remaining hidden in any part of the network, as the security team will be able to see inside the network and protect against threats across all attack surfaces across all managed endpoints with a unified multi-layer approach. This includes policy generation and enforcement MDR tools that can provide greater insight into the overall reliability, impact and success of network systems, their workload and their behaviour to identify threats and proactively respond and protect assets.

In reality, this means that security teams can take measurable steps towards controlling system access of the network environment; knowing who is in the network, who should be able to access what data and which applications, and being the first to detect Indicators Of Compromise (IOC).

"Threat hunting is a way to stay one step ahead of cyber criminals. Organisations no longer have to wait to be alerted of data breach before taking action; today it is essential to have a complete picture of the entire network in real-time." said CEO of Certes Networks, Paul German.

This should include exttending these capabilities to teleworkers, so that unusual activity can be identified and halted immediately, before any damage occurs. With strong MDR tools at the core, organisations can ensure a strong and effective security posture based on anticipating the unknown, clear visibility into vulnerabilities that pose the biggest threat and identifying barriers that prevent successful tracking and remediation.

Recorded Future:    Certes Networks:       Professional Security:        CyberArk:   

You Might Also Read:

Managing Your Cyber Security, Detection & Response:

 

« Russia's Hackers Are Masters Of Cyber Warfare
Malware Versus Ransomware: What’s the Difference? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

SecPoint

SecPoint

SecPoint provides products to secure & protect your network from remote and local attacks.

Okta

Okta

Okta is an enterprise-grade identity management service, built from the ground up in the cloud to address the challenges of a cloud-mobile-interconnected world.

SecurityMetrics

SecurityMetrics

SecurityMetrics is leader in data security, PCI, and HIPAA compliance solutions

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

GuardKnox

GuardKnox

GuardKnox protects the users of connected vehicles against threats that can endanger their physical safety and the safety of their personal information.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

Steganos

Steganos

Steganos offers highly secure and easy to use software tools that protect and secure on and offline data.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

Corrata

Corrata

Corrata is an award-winning provider of mobile security and data control solutions for enterprises.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Thoma Bravo

Thoma Bravo

Thoma Bravo is a leading private equity firm with a 40+ year history and a focus on investing in software and technology companies.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

Virtual IT Group (VITG)

Virtual IT Group (VITG)

VITG is a cyber security-focused Managed Service Provider (MSP).