
Shift your thinking or get hit by the breach comet - risking dino extinction


The cybersecurity landscape is a complex and quickly changing beast. Despite this, some businesses still rely on ‘prehistoric’ strategies to defend against increasingly sophisticated attacks.

Many legacy security vendors promise that their solution will protect customers from every attack, but in reality we must accept that not every threat can be prevented: a determined and well-resourced adversary will eventually get in if they want to. Even so, with the right defence strategy, organisations can ensure that incidents don’t turn into costly breaches.

To do this, security teams must look beyond prevention alone and add threat detection and response capabilities that can monitor for, contain and neutralise attacks. With the threat landscape becoming increasingly complex, blending prevention, detection and response into a single robust strategy is one of the most important investments an organisation can make.

Breach countdown

There will always be malicious actors looking to breach networks, so businesses need an effective strategy to identify adversaries quickly and stop them before irreversible damage is done.

A common misconception is that deploying a security solution onto all known endpoints protects the network. In reality, knowing every endpoint in an organisation is harder than it seems for most businesses. With so many devices joining and leaving the network, it is easy for one to slip through the cracks without anyone realising, and an endpoint that is not covered is an endpoint that is not monitored.

Cloud-native, artificial intelligence (AI)-powered endpoint solutions offer a lifeline here: the agent installs on endpoints within minutes and can be rolled out across the enterprise in hours rather than days or weeks. Once the endpoints are covered, companies must think about augmenting the technology with the human element. Today, the gold standard is adding threat hunting capabilities to find the malicious needle in the haystack and uncover even the stealthiest adversaries.

Once teams have secured the network with such solutions and threat hunters, they need an efficient process to keep response times to a minimum. We recommend the 1-10-60 rule as best practice: detect malicious intrusions in under one minute, investigate the context and scope of the intrusion within 10 minutes, and initiate remediation in under an hour. Currently, businesses are falling short of this metric: the Global Security Attitude Survey found that 95 per cent of organisations cannot meet any of the three time standards.

AI powering the future

AI is a hot topic across many areas of tech, but one of the places it can genuinely benefit businesses is security.

A stone-age approach to security is scan-based, and it causes real problems for a growing business. Legacy vulnerability and malware scanners are dinosaurs: slow, hard to manage, and heavy on the network. Scans can take days to deliver results and then produce a mountain of findings that makes it hard for security teams to pick out a genuine issue. Nor can they give a clear picture: corporate assets are far more fluid than a scheduled scan assumes, and remote workers and cloud workloads are not always directly connected to the corporate network, so scans simply miss them.

Threats are becoming more intelligent and targeted, which leaves scan-based solutions behind. The CrowdStrike Services Report found that in 29 per cent of cases in 2019 the adversary used only malware-free techniques. Operating without malware lets adversaries stay stealthy and limit their footprint, which makes them extremely difficult to detect with tools that look for malicious files. For this reason, organisations need comprehensive visibility into their networks combined with proactive threat hunting to uncover threats that legacy security technologies do not identify.

A cloud-native, AI-based security solution can stop a security strategy becoming fossilised in time. It can scale to analyse the new tactics, techniques and procedures (TTPs) adversaries deploy and identify behaviour that is out of the norm. By crowdsourcing telemetry across customers, such solutions keep their intelligence current and help businesses stay prepared. The best solutions compile crowd-sourced intelligence from multiple business sectors and connect the relationships between attempted breaches.

Keeping humans in security

Security solutions are not invincible and need to be supplemented with insight from the front line. Threat hunters are a team of highly specialised analysts who look into the suspicious behaviour flagged by the technology and help SOC teams prioritise the most critical threats. This cuts response times and makes the whole process more efficient: the team learns to identify the most pressing tasks, while the technology deals with the minor threats it can handle alone.

Human threat hunters also help in battling the rise in malware-free attacks. The 2020 Global Threat Report found that malware-free attacks increased from 40 per cent to 51 per cent. That spells trouble for security teams, because detecting these attacks needs far more sophisticated practices than matching files against signatures. Behavioural analytics is the key to stopping these attacks in their tracks, and threat hunters are the key to behavioural analytics.

Malicious actors commonly masquerade as legitimate users and administrators, working with valid credentials and the tools already on the system, which makes them incredibly difficult for in-house IT teams to identify. Threat hunters specialise in discovering the telltale signs of a stealthy actor, practising their detective craft day in and day out. With these skills, hunters can flag anomalies to internal IT teams, helping them bolster their defences so these actors quickly lose their privileges and their opportunity to strike.
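As an added illustration of the behavioural analytics the two paragraphs above describe (this is example code written for this page, not CrowdStrike's or any other vendor's detection logic), the Python below runs three behaviour checks over constructed endpoint telemetry: an Office application spawning a script host, a PowerShell host launched with a Base64-encoded command, and a privileged account logging on to a host it has never used. None of the checks depends on a malicious file, which is the point of behavioural detection against malware-free intrusions. The event field names, the Office and script-host lists, the admin account list, the sample events and the baseline cutoff are all assumptions made for the example.

```python
"""Behavioural detection over endpoint telemetry.

Illustration added for this article; it is not CrowdStrike code and does not
reflect any vendor's detection logic. Event records, field names, the admin
account list and the Office/script-host lists are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical tuning lists (assumptions, not from the article).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
ADMIN_USERS = {"CORP\\svc_backup", "CORP\\da_jsmith"}

# -EncodedCommand and its common abbreviations followed by a Base64 blob.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}")


def is_encoded_powershell(image, cmdline):
    """True when a PowerShell host is launched with a Base64-encoded command."""
    return image.lower() in {"powershell.exe", "pwsh.exe"} and bool(ENCODED_FLAG.search(cmdline))


def office_spawns_script_host(parent, image):
    """True when an Office application is the direct parent of a script host."""
    return parent.lower() in OFFICE_APPS and image.lower() in SCRIPT_HOSTS


def build_logon_baseline(events, cutoff):
    """Map each user to the set of hosts they logged on to before the cutoff."""
    seen = defaultdict(set)
    for e in events:
        if e["event"] == "logon" and e["ts"] < cutoff:
            seen[e["user"]].add(e["host"])
    return seen


def detect(events, cutoff):
    """Return (rule, host, user, ts) alerts for events at or after the cutoff.

    Events before the cutoff are used only to build the logon baseline.
    """
    baseline = build_logon_baseline(events, cutoff)
    alerts = []
    for e in events:
        if e["ts"] < cutoff:
            continue
        if e["event"] == "process":
            if office_spawns_script_host(e["parent"], e["image"]):
                alerts.append(("office_spawned_script_host", e["host"], e["user"], e["ts"]))
            if is_encoded_powershell(e["image"], e["cmdline"]):
                alerts.append(("encoded_powershell", e["host"], e["user"], e["ts"]))
        elif e["event"] == "logon":
            # Privileged account appearing on a host it has never been seen on.
            if e["user"] in ADMIN_USERS and e["host"] not in baseline.get(e["user"], set()):
                alerts.append(("admin_logon_new_host", e["host"], e["user"], e["ts"]))
    return alerts


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    # Baseline week: the backup account only ever logs on to FS01.
    {"ts": parse_ts("2020-03-02 02:00"), "event": "logon", "host": "FS01",
     "user": "CORP\\svc_backup", "logon_type": 3},
    {"ts": parse_ts("2020-03-03 02:00"), "event": "logon", "host": "FS01",
     "user": "CORP\\svc_backup", "logon_type": 3},
    # Benign: a user opens a document in Word.
    {"ts": parse_ts("2020-03-09 09:05"), "event": "process", "host": "WS17", "user": "CORP\\asmith",
     "parent": "explorer.exe", "image": "winword.exe", "cmdline": "winword.exe invoice.docx"},
    # Malware-free: a macro in Word launches encoded PowerShell.
    {"ts": parse_ts("2020-03-09 09:06"), "event": "process", "host": "WS17", "user": "CORP\\asmith",
     "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    # Benign: an admin script run from a console, not encoded.
    {"ts": parse_ts("2020-03-09 09:30"), "event": "process", "host": "WS17", "user": "CORP\\asmith",
     "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    # A privileged account logs on interactively to a workstation it never used.
    {"ts": parse_ts("2020-03-09 09:41"), "event": "logon", "host": "WS17",
     "user": "CORP\\svc_backup", "logon_type": 10},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, parse_ts("2020-03-09 00:00")):
        print(alert)
```

Each of the three hits on the sample data would be a low-signal event on its own; the value for a hunter is that they cluster on one host within forty minutes, which is the kind of context the 1-10-60 investigation window is meant to surface. The baseline is the weakest part of any such rule: an attacker who compromises an admin account that already roams everywhere will not trip the new-host check, so the logon rule is a prompt for a human, not a verdict.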

Preparing for future attacks

By burying old strategies and legacy solutions, businesses that upgrade to AI-driven solutions, keep response times low and follow the advice above can breathe a sigh of relief: they are far better placed to withstand the fast-blazing and sudden ‘comet’ of a breach, and to be saved from extinction.

Changing the attitudes of the security team is one battle, but revolutionising a whole business can feel like a war. However, once the facts and statistics are laid out in front of them, it is hard for businesses to ignore them. Updating the security strategy will save time, money and reputation, and allow an organisation to thrive in the business jungle.

Zeki Turedi, Technology Strategist, EMEA, CrowdStrike

Zeki Turedi is an influential, tenacious and highly sought-after cybersecurity commentator, consultant and presenter. He has extensive incident response and forensic experience across law enforcement, government and the private sector. His specialities include incident response, malware analysis, threat intelligence, digital forensics, network forensics, digital investigations, data loss prevention and advanced threat modelling.