Threats are not new to business. Whenever there has been a plentiful economic prize, there have also been pirates. In the swashbuckling days, the captain and the crew were charged with protecting the merchandise on board. The difference today is the sheer volume of cyber attacks inbound to companies. Carolyn Crandall, the Chief Security Advocate and CMO at Attivo Networks, describes the attack as an enormous wave.
- A Security Threat Tsunami: Cyber attacks are like giant perpetual waves. Businesses are constantly inundated with these threats. The first steps toward fighting back are recognizing the power of one’s adversaries, understanding how the company is being attacked, knowing where the company’s vulnerabilities are, and then devising a plan to combat the attacks.
- Strategy over Monitoring: Businesses tend to want to monitor their systems and that’s generally a good thing. Part of the method of attackers, however, is to overwhelm with data. Instead of only monitoring, companies have to decipher attacker techniques and then strategize on how to defend accordingly.
- Automate, Automate!: People can only do so much by themselves to defend against constant cyber attacks. Automation can be an answer to these attacks. Humans can’t protect against the deluge of attacks by themselves and must lean on A.I. and machine learning to help combat these nefarious attacks. When companies begin to deploy an A.I. defense strategy, the designed algorithms can begin to decipher what is normal activity on network servers and what is not.
- Data Cloak and Disrupt: Misusing credentials is a great way for attackers to gain access to resources. It is possible to have an automated system, such as Attivo, that can bait rogue elements, gain their trust, and then deny their access while hiding vital data.
For a more in-depth look at this episode, check out the article below.
“It’s like a tsunami wave coming at you,” Crandall said. “And you’re sitting there going, ‘Okay, I’m prepared for waves and a little bit of rain,’ but most companies are not prepared for the tsunami wave that’s coming in.”
From a company’s vantage point, facing this tidal wave is daunting. What’s even worse is that the tsunami consists of nameless, faceless cyber attackers that are on the lookout for one key thing: data. Running away is a reasonable instinct, but there’s nowhere to flee that the wave won’t impact — there’s no escape. The scarier fact is that it’s not really one wave but, instead, it’s a series of tsunamis. Something must be done to survive. Rather than flight, the answer is to strategically fight back.
On a recent episode of IT Visionaries, Crandall explained how companies must shift from a reactionary mindset to a more aggressive one. This requires pivoting from simply monitoring for attacks to strategizing and disrupting them. She said that to withstand the power of these attacks, companies must disrupt and automate. But first, Crandall recommended taking stock of the reality of the situation.
“I can’t do this [the] traditional ways,” Crandall said. “I have to think about something different [and] about how I’m not going to stop the tsunami from coming in, but I’m going to be able to respond and react to it differently.”
After acknowledging the superior strength of the adversary, Crandall said the next step is figuring out how to subvert their position, and she likened these strategies back to old wartime techniques.
“If you think about it all the way back to military time where certain countries were just outnumbered [and] outflanked, what they did was they used decoys, deception, and strategy to be able to get ahead of that,” Crandall said.
A winning strategy is to turn an opponent’s biggest strength into one’s own asset to use against them.
“Instead of monitoring every little individual activity that’s going on, let’s look at techniques,” Crandall said. “Let’s look at the techniques that they use for a ransomware attack. And let’s disrupt that. Let’s look at the techniques that they have to apply and the tactics that they would have to do to cause the disruption that they’re trying to cause and try to get in between those processes instead of trying to consume, sort, [and] digest all the data.”
In other words, the attackers are revealing their playbook along with their attack; it’s just a matter of zeroing in on the most important plays. Determine their plan and then disrupt it.
“People really need to look at ways that tools work together, share threat intelligence, [and] automate things to be able to scale as well because trying to do that stuff manually just makes for a really long day,” Crandall said.
Automation allows for so many checks and safeguards that humans could not do by themselves.
“For example, with Attivo, there’s over 200 checks that the company does and their AD assessment software,” Crandall said. “And that’s really valuable because you can do 200 checks like that. It’s all continuous versus if you thought about a human doing that, [and] how often, and then they still have to correlate it…it wouldn’t happen.”
Many attackers infiltrate systems by misusing credentials. An automated defense system using deceptive techniques can disrupt the attack.
“You need a different kind of technology that sits in the middle that says, ‘Look, I’m going to bait you with fake credentials. If you go to scrape everything off my system, I’m going to detect that you’re stealing the deceptive lures as well. I’m going to use that cloaking technology,’ which is really cool because you can hide credentials, those Active Directory objects, and even the data that the attacker is looking [at],” Crandall said. “You can just cloak it. You can make it all disappear and deny the access. So, even if you have credentials and you’re using another tool to come in and try to access it, the systems are now smart enough to know that that’s not right.”
Yes, there’s a series of cyber attack tsunamis with very nasty attitudes lined up to strike one after the other. That is, indeed, unfortunate. But, fortunately, there are smart tools to help defenders stand tall against the perpetual, colossal waves.
“It does take modern and new technology,” Crandall said. “You can’t do this in the traditional way, but you don’t also have to be a sitting duck either. There is technology that will disrupt the attacker toolset, disrupt their attack, and put the defender in a much better stance to protect their organization.”
To hear more about how Crandall and Attivo are disrupting attackers and helping companies to overcome the cyber attack tsunamis, check out the full episode of IT Visionaries!