Offense informs defense
Cyberspace is a hostile landscape. Cybercriminals have become increasingly punitive this year.
Aside from the reemergence of worms, we are observing some notable trends:
- Watering Hole Attacks that employ destructive payloads
- Mobile Attacks which leverage proximity settings
- BEC utilized for second-stage attacks
- Wipers deployed for counter incident response
Today’s adversary is intent on waging a cyber insurgency within your network.
In 2017, we must appreciate that traditional endpoint security is dead. I left a traditional cybersecurity vendor 20 months ago, realizing that 5% of cyberattacks would bypass endpoint security.
The failure in traditional endpoint security is due to the widespread adoption of the Kill Chain. The Kill Chain starts with Reconnaissance. Reconnaissance is the act of finding a weakness in the target that the attacker knows how to exploit for their gain. Every corporation has weaknesses and every cybercriminal has access capabilities to attack platforms and exploit code. The overlap between the two is what we should be concerned about.
Attackers gain their economies of scale by using the same access capabilities over and over again, both within a specific target and across targets. This modus operandi is effective because (1) victim organizations rarely know what weakness was exploited that led to the alert several stages later in the attack (i.e., the root cause) and (2) those victim organizations that *do* know what the root cause was very rarely share it, or the mitigation they took to address it.
EDR helps address both problems. The impact of this change in security posture is that an attacker can no longer use an access capability more than once. How might we take a page from a defensive coordinator? Much like an all-pro middle linebacker, EDR can defend and respond to a super-charged offense.
The middle linebacker is the strongest linebacker, who plays a hybrid position and can act as a lineman to disguise where a rush is coming from. Like Dont’a Hightower and Von Miller, an effective EDR allows your endpoints to defend and respond to an attack.
Gartner has noted that the EDR market is booming, but there are only a few best-of-breed linebackers. Choose yours wisely, as defense wins championships.