Cyber attack: What’s your assailant’s next move?
When your company is under cyber attack, knowing your assailant’s next move can protect you from the next data breach.
Wikipedia defines a cyber attack as “. . . any type of offensive maneuver employed by nation-states, individuals, groups, or organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.”
Cyber attack onslaught
Businesses everywhere are constantly under cyber attack. To protect themselves, companies deploy intrusion detection systems (IDS), firewalls, strong authentication, and various other security products. Unfortunately, while these security tools provide useful data about attack-related events as they unfold, they offer very little, if any, information about what an attacker is likely to do next. Security tools that provide a solid prediction of the assailant’s next move would be the most valuable.
Proactive vs reactive
In addition to implementing advanced security tools, always be prepared for a cyber attack. Taking a proactive stance enables a much better security posture than depending on the reactive approach of examining the attack after the fact.
Devise a checklist (tailored to your infrastructure) to proactively gauge a future breach of your network. As an example, you might ask:
- What malware will the attacker install next?
- Which system is the attacker likely to install the malware on?
- What security tools will the attacker attempt to disable?
- Will logs be altered (or will the attacker attempt to erase his/her tracks)?
- Will privileged user account(s) be compromised?
- Which applications might be probed for vulnerabilities?
- What data will the cybercriminal copy next?
- How will the attacker transmit the data outside our network?
Without the right security tools in place, answering the above-listed questions (while in reactive mode) would involve quite a bit of groundwork. If we focus too much on a reactive approach, we will always be two or more steps behind an attacker. Let’s change course and use a proactive stance instead. By utilizing the latest analytics security technologies, we can make significant progress in this area.
Effective attack prediction requires accurate and efficient processing of vast amounts of data. Unfortunately, early attempts at attack prediction have been rather disappointing. Both the amount and quality of available data and our ability to analyze big data have their limitations without the use of advanced security tools.
“Current cyber security solutions leave a wide gap in coverage . . . It’s like having a burglar alarm that doesn’t go off until after the burglar’s done his work, left the premises and crossed the county line. FICO will fill that gap, using our arsenal of streaming analytic technologies to detect and stop malicious network activity right at the point of inception.” —Doug Clare, VP of Cyber Security Solutions at FICO.
In conclusion, the quality and quantity of data that is available today are dramatically better than even a few years ago. So is our ability to analyze it. For example, the latest malware detection technologies use historical attempts at evasion to predict the type of tactics that will likely occur in a given scenario.
With today’s analytics engines, it’s easy to start believing that the security industry is not far from effectively predicting a cybercriminal’s next move.