Innovative Hackers make Reactive Cyber Security a Thing of the Past
By Michael Sentonas, VP of Technology, CrowdStrike
What You Need to Know about Proactive Cyber security
The rapid evolution of cyber attack methods has begun to damage the reliability and effectiveness of reactive cyber security approaches, spurring a push toward new methods of network protection. 2016 saw the cyber landscape dramatically rock by advanced attack methods, increased levels of sophistication and the escalated frequency of adversary activity. The hackers responsible are often well-funded and constantly evolve their techniques to overcome business efforts to detect known threats, also termed Indicators of Compromise (IoC). These reactionary methods cannot account for mutating or unknown malware, living-off-the-land techniques or new variants being deployed.
“The capabilities of organisations with regard to network protection must move to next-generation, proactive prevention, detection, response, and remediation approaches”
Consequently, the capabilities of organisations with regard to network protection must move to next-generation, proactive prevention, detection, response, and remediation approaches to ‘keep up’ with innovative hackers.
There are five core components to effective endpoint cyber security on all of these fronts:
1. Proactive Detection and Response – As noted, security methods that focus on IoCs are no longer enough to address today’s advanced threats. By the time an IoC, such as a known-malware signature, is detected, the probability that the organisation has been compromised is high.
Proactive cyber security techniques are, therefore, crucial for organisations. This means focusing on Indicators of Attack (IoAs) that identify adversary behavior, such as code execution or lateral movement, instead of IoC. This enables organisations to prevent, detect, and respond to both known and unknown attacks.
2. Prevention and Actionable Threat Intelligence - In order for cyber security to be effective, organisations need to understand not only where the adversary is today, but where it has been, what its objectives are and what it is capable of. By integrating threat intelligence into detection and response, organisations gain a better understanding of the risks they face and can ultimately build stronger, more resilient defenses.
3. Machine Learning - Machine learning gathers and analyses the breadth of businesses’ security-related data, including threat intelligence and reliable indicators. With accurate data input, machine learning can identify IoAs faster, supporting threat prevention with speed and scalability.
4. Managed Hunting Teams - As long as there are humans behind hacks, we must have the power of humans behind our defenses. Managed hunting teams act as human enforcers, proactively patrolling the network for any anomalies or issues. This extra layer of human protection augments and enhances automated detection capabilities.
5. Cloud-based Endpoint Security - Cloud-based endpoint protection technology enables organisations to scale whenever needed and offers a unique and distinct advantage in delivering speed, efficacy, and response capacity. Today, enterprises are increasingly distributed and have to manage a sprawl of endpoint devices with growing mobile workforces. To that end, many CISOs struggle to provide full security coverage to all users, all the time, whether they are on or off the network.
The cloud enables the collection and analysis of billions of security events in real-time. This sharpens machine learning algorithms, IoA-based prevention, and detection and response capabilities, which results in faster, more agile, and more comprehensive defense.
The evolving techniques and skills of today’s hackers make it more important than ever for organisations to consistently out-run them with a proactive, rather than reactive, cyber security approach. From IoAs and cloud-based endpoint security to machine learning and managed hunting teams, this proactive focus is the future of cyber security. By unifying these crucial elements, organisations will have a significant advantage over the adversaries that target them.
Founded in 2011, CrowdStrike offers next-generation endpoint protection, threat intelligence, and response services. Headquartered in California, United States, the company stops breaches by preventing and responding to all types of attacks through its Falcon platform.