Here are six common security flaws that can hinder superior detection and response, enabling hackers to sustain their high success rate.
With advanced persistent threats (APTs) more prominent than ever, it’s no longer about if a company gets breached, but when. With this in mind, organizations should evolve their security defense accordingly. Instead of focusing on preventing penetration, focus on the adversarial activity that is going on within your network.
The good news is that you have an advantage; the majority of damage is usually done several months after penetration. Hackers tend to deploy ‘low and slow’ techniques and perform minimal actions per day in order to evade detection, better understand the organization and craft a foolproof roadmap to reach their true target.
Security events are not caused by error or accident. Every piece of evidence should be over-analyzed and malicious intent must always be considered. Because security cannot know all adversarial activities, in a sense they are at a disadvantage; therefore, it is crucial for security teams to over-investigate what they can see in order to reveal other unknown and undetected connecting elements. Security teams must always assume they only see half the picture, working diligently to uncover the rest of the pieces of the puzzle.
Instead of remediating isolated incidents as fast as possible, security should closely monitor the known to understand how it connects to other elements within their environment and strive to reveal the unknown. For example, an unknown malicious process can be revealed if it is connecting to the same IP address as a detected known malicious process. Moreover, when you reveal to the hackers which of their tools are easy to detect, hackers can purposely deploy, in excess, the known tools to distract and waste the defender’s time.
In order to detect malicious actions and decipher between 'normal’ and ‘abnormal’ endpoint and network activity, enterprise context is crucial. Data collected across an organizations’ endpoints gives security this context, and enables organizations to piece together traces of malicious activity scattered on different endpoints and reveal a cyber-attack. Moreover, because endpoints are a common penetration point and where lateral movement is executed, endpoint data can reveal an attack in an immature stage and prior to full damage, significantly reducing the cost of a breach.
Although detecting Malware is important, solutions that mainly focus on detecting isolated activity on individual endpoints are unable to properly combat complex hacking operations. Instead, employ a more holistic defense. Use next-gen security solutions that combine analytics and threat intelligence in order to uncover full malicious operations.
Because many security solutions produce a large amount of sporadic alerts (many false) with little context, security teams spend endless hours manually investigating and validating alerts produced by their solutions. This lengthy process significantly prolongs security teams from addressing the real question – is there a cyber-attack underway? By leveraging solutions that automate the investigation and validation process, detection and response can be accelerated while the cost and scope of a breach can be decreased.