Attackers are fast and sophisticated and, according to the latest Carbon Black Threat Report, half of all incident response engagements now involve instances of counter incident response.
So how do you defend yourself against cyber criminals? Sam Linford, regional director at Carbon Black in the UK, speaking at the recent ITWeb Security Summit 2019, said the key is picking the right tools to defend yourself within your own environment. “It’s about creating a security ecosystem and not relying on just standalone tools.”
Home field advantage
“We have the home field advantage which I think many fail to act upon. We should know our assets better than our adversary,” says Linford. “Key here is doing the basics well, as it’s critical in building and maintaining our home field advantage.”
He cites a number of techniques that can be used to prevent cyber attacks, namely good cyber hygiene, patching, application control, firewalls and a two-factor authentication login system.
“Layering your controls can prevent many an attack,” adds Linford, “but having said that some attackers will figure out where your vulnerable areas are and then you need to be agile enough to counter them.”
Detect what you can’t prevent
“You will never stop 100% of all threats, however you can set yourself up to have the visibility and data needed to detect what is missed by your stack,” says Linford.
“At the same time also plan for your stack to fail in preventing an attack. You do this by switching your mind-set to that of an attacker already being in your environment. How differently would you build your home field defences if you knew they were inside your system?”
He says some modern attackers know how to live off the land and evade prevention and detection capabilities. “So by changing your mind-set you need to be able to disrupt the attackers before they take off with your data.”
Disrupt early in the kill chain
“Most technologies begin at the end of the chain, and there are so many other steps that attackers have to go through to get there. So why can’t we drive visibility up the kill chain to see and disrupt the attackers sooner? We must deploy technologies with the right visibility into each one of these areas to see the signs of attack sooner,” he says.
In addition, he says to remember to make it difficult for attackers, frustrating them at every possible turn, to make them work harder at breaking in. “If it’s too painful most of them will move on.”
Being one step ahead is enough
“You only need to be one step ahead of the attackers so be prepared,” adds Linford. “Do you have backups, and have you tested your restored files, ensuring they operate efficiently? This is solely in our realm of control. An attacker only has to be successful once, but the defender has to stop 100% of these attacks all of the time.”