2015: Fighting Adaptive Attacks Requires Adaptive Defense with Response Automation
Security | Jan 6, 2015
Anthony Di Bello
Attackers are always looking for new vulnerabilities to exploit in technologies with large-scale adoption, or they use, create, or modify malware that changes just enough to avoid known detection methods as it propagates through a corporate network. The same malware or vulnerability is rarely reused after public discovery. The identification and sale of new vulnerabilities is a high-revenue enterprise, as is the sale of malware kits that can be customized and used as weapons against unsuspecting organizations. Cybercrime is a high-growth industry, and the players are only getting better organized and their attack methods more elaborate.
The defenses widely in use today are limited to technology that is overly reliant on what is already known and is unable to adapt when attackers change their patterns or find easier ways to sneak onto our networks undetected. The headline-grabbing hacks of 2014 — Home Depot, JP Morgan Chase, eBay — only serve to highlight this fact.
So the challenge is significant, and further compounded by the high number of information security alerts fired off — hundreds of thousands to millions a day — and limited staff with which to prioritize, evaluate, and respond to the alerts that pose the greatest risk to sensitive data. Our adversaries have time and automation on their side, enabling a single attacker to attempt to break into the network hundreds or thousands of times in a single day. An attacker only need be right once, while the defender must be right every single time.
Automation: The fastest way to arrest an attack in progress
Given the high volume of daily events, which can only be assumed to increase in 2015 if the past is any indication, fending off adaptive attackers requires response automation to validate, assess and remediate high-priority events before damage can be done. Guidance Software works with leading detection and event management technology such as CEIC 2015 Gold Sponsors HP ArcSight, Cisco SourceFire, and Intel Security to automate the time-sensitive steps of the incident response process — delivering real-time insights from your endpoints, and eliminating time spent on after-the-fact data collection. We look forward to adding more detection partners and integration points throughout 2015 to ensure that—no matter what you have in place for detection or event aggregation—you have the means to automate and streamline your incident response process.
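As an added illustration of the first-pass triage such automation performs (example code written for this page, not Guidance Software's or any partner's product), the Python below collapses a constructed alert stream into per-attacker incidents and ranks them by risk to sensitive data, corroboration by a second detector (the "validate" step), and persistence of the attacker. The asset inventory, detector names, sample alerts and scoring weights are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed asset inventory: host -> sensitivity of the data it holds (1 low .. 5 critical).
ASSET_SENSITIVITY = {"db-cardholder-01": 5, "fileshare-hr": 4, "kiosk-lobby": 1}
SEVERITY = {"low": 1, "medium": 2, "high": 3}

@dataclass
class Incident:
    source_ip: str
    target: str
    alerts: int = 0
    max_severity: int = 0
    detectors: set = field(default_factory=set)  # e.g. {"ids", "endpoint"}

    def score(self) -> int:
        # Risk to sensitive data dominates; corroboration by a second, independent
        # detector and persistence of the attacker add to it (weights are assumptions).
        sensitivity = ASSET_SENSITIVITY.get(self.target, 2)  # unknown host: medium
        corroboration = 5 * (len(self.detectors) - 1)
        persistence = min(self.alerts, 10)
        return sensitivity * self.max_severity + corroboration + persistence

def triage(alerts):
    """Collapse raw alerts into one incident per (source, target) pair, ranked by score."""
    incidents = {}
    for a in alerts:
        key = (a["src"], a["dst"])
        inc = incidents.setdefault(key, Incident(a["src"], a["dst"]))
        inc.alerts += 1
        inc.max_severity = max(inc.max_severity, SEVERITY[a["severity"]])
        inc.detectors.add(a["detector"])
    return sorted(incidents.values(), key=lambda i: i.score(), reverse=True)

# Constructed sample stream: one source hammering a low-value kiosk 200 times, one
# high-severity hit on the cardholder database corroborated by endpoint telemetry,
# and a single medium alert against the HR file share.
SAMPLE_ALERTS = (
    [{"src": "203.0.113.9", "dst": "kiosk-lobby", "severity": "high", "detector": "ids"}] * 200
    + [{"src": "198.51.100.7", "dst": "db-cardholder-01", "severity": "high", "detector": "ids"},
       {"src": "198.51.100.7", "dst": "db-cardholder-01", "severity": "high", "detector": "endpoint"},
       {"src": "192.0.2.5", "dst": "fileshare-hr", "severity": "medium", "detector": "ids"}]
)

if __name__ == "__main__":
    # 203 alerts become 3 incidents; the corroborated database attack ranks first.
    for inc in triage(SAMPLE_ALERTS):
        print(f"{inc.score():3d}  {inc.source_ip:>14} -> {inc.target:17} "
              f"alerts={inc.alerts} detectors={sorted(inc.detectors)}")
```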
I suspect in the coming year we will hear a lot more about these two requirements and potential solutions not only from vendors, but also from the analyst community and information security professionals who have realized the insanity of using the same approach over and over while expecting different or improved results. Case in point: Chris Sherman, Security and Risk Analyst at Forrester Research, shares Forrester’s views on endpoint security in 2015 in this webinar, “2015 Endpoint Security Predictions and Key Winning Strategies,” which I invite you to check out.
I’m excited to be at Guidance Software as we enter 2015 energized to meet the challenges posed by today’s digital adversaries, and to help our customers implement adaptive endpoint security and automated incident response capabilities designed to meet the challenges associated with a persistent and adaptive adversary.