Avoiding a surprise attack from an opponent is difficult and nearly impossible to counter, as we’ve seen throughout history in examples of sports, chess, and warfare. In the cyber domain, this holds true for zero-day attacks or "surprise moves" as well.
As cyber attackers refine their tactics and employ both evasive attack avenues and malware, security professionals must look for hints of intrusion within the sea of data. Below are four key preventative actions organizations can take to mitigate the impact or avoid a surprise attack on the network:
- Establish Ground Truth: Understand the cyber terrain you are defending and how cyber attackers operate. In a recent study by TechTarget, 96% of surveyed organizations have incomplete IT Asset Management programs. Also, 50% of malware currently in circulation comes from zero-day malware attacks. Awareness of the terrain helps us understand the threat landscape. Attackers build variants from what has worked in the past, and they get smarter after each attack.
Let your target devices become active participants in the defense of your network by:
- Understanding how the network has been exploited in the past.
- Utilize the free access of the national vulnerability database.
- Build a profile of what you need by understanding common vulnerabilities and exploits.
- Arm your devices with zero-day malware detection.
- Implement a plan to gain asset awareness, network segmentation, and routing of traffic.
Build Traffic Situational Awareness: Data theft is accomplished by breaching your network and stealing your information. Once an attacker establishes a foothold using a zero-day malware, they will infiltrate your network to leverage your internal resources. One way to prevent this type of breach is to implement real-time, raw packet analysis for all traffic routes in, out, and across your network. Also, create a unified and holistic view of your network and build a strong understanding of what "normal" looks like, so aberrant behavior is identified instantaneously.
Synchronize and Orchestrate Your Defenses: Here are a few ways to help prepare your organization’s "cyber battlefield", and consistently update and reinforce your defenses.
- Build interlocking command, control, and communications to bring a coordinated response to attackers.
- Create an environment of corroboration between endpoint defenses, such as an anti-virus software, with network-layer protection, such as firewalls, secure web gateways, and employees.
- User behavior as a key attribute in helping or hindering your ability to identify, protect, detect, respond, and recover to cyber surprise attacks.
- Leverage Big Data Analytics: Attackers use your entire network against you, and they are not expecting you to enlist them in your defense. As you begin to empower and enlist your devices and cyber appliances to become active participants in telling a story, the volume of data becomes big – very big.
Defenders using Big Data Analytics are more than twice as effective in finding attackers in real time.
Big Data Analytics is moving away from antiquated correlation approaches and enabling human-like characteristics, like corroboration. Deploying analytic systems that immediately calculate permutations across your network, confirming or denying aberrant behavior, is extremely beneficial.
A recent study from Ponemon research reveals that organizations are 2.25x more likely to identify a security incident within hours or minutes when they use big data cybersecurity analytics, which is one reason why the demand for this technology has significantly increased over the past 12 months.
The research shows that executives are allocating more of their IT security budget to big data, as they can derive preventative information from the massive datasets assembled in their network. This technology has been expensive in the past, but recent entries into the market place have challenged the complex pricing models of the early leaders. These newer companies are democratizing the costs of big data by using hybrid cloud solutions.