At times it can feel like a game as you watch the cyber-breach scorecards. Yahoo (3 billion users), Equifax (143 million consumers), Uber (57 million users), Imgur (1.7 million users) are just a sample of the companies that have released new information on large breaches in the last few months. Unfortunately, the results are real and will have a significant impact on your company and job as a security professional. Slow patch management, poor credential management, inability to lock down endpoints and, in some cases, “no idea” have been the assessments from the in-house security teams on why their companies suffered data loss.
The bad guys have upped their game on skills and tools. The statistics clearly show hackers have moved away from malware delivery as the primary tool for attacks. Recent surveys show that non-malware attacks have increased more than 90 percent, and 93 percent of security researchers said non-malware attacks pose more of a business risk than malware attacks.
What’s a non-malware attack? Use of remote logins (55%), leveraging Windows Management Interface (41%), in-memory attacks (39%), PowerShell-based attacks (34%) and attacks leveraging Office macros (31%) all rely on technologies currently residing on many of your endpoints.
Some organizations are just not ready to don virtual reality goggles and play at “Level – Hardcore.” The opposing team is geared up and ready to attack on a broad front of operating systems including Windows XP and later versions, Microsoft Server 2003 and later versions, as well as Mac OS and multiple variants of Linux. Add in attack vectors such as web applications, WiFi, web services, network services, credentials, pre-deployed scripting languages, etc., which require specialized knowledge to play a solid defense, and ask yourself if the internal team is ready.
As a security manager (or even layman) some soul searching is required before you are ready to protect your most critical assets:
- Is my in-house team capable of building a shield around my most critical assets?
- Are the tools deployed that deliver the required visibility of scope and depth?
- Once a threat has been identified, are the procedures in place to react?
One approach is to hire Parzival, Art3mis, Aech, Daito and Shoto for defense! Most likely, you will only be able to attract or afford one of them. Another alternative is to start looking outside of your organization for help. Our services partners, like IBM Security, have access to:
- Continuous threat research
- State-of-the-art tools (analytics, EDR, and remediation)
- Refined Incident Response (IR) best practices
- and most critical, highly trained staff that can give you that edge.
It is clear that traditional, signature-based protection focused on prevention isn’t enough to guard against today’s emerging threats. In this new era of non-malware attacks, organizations need around-the-clock monitoring, experienced staff, and threat intelligence that delivers the visibility and insights to rapidly respond to and remediate threats. With deep security insights from a network of global analysts, a Managed Security Service Provider (MSSP) can be a holistic model to supplement your current weaknesses, allow you to tap into currently unavailable resources and protect your endpoints from today’s emerging threats.
The movie debut of “Ready Player One” is on March 30. Until then, you can learn more about Endpoint Managed Security by viewing this recorded webinar “A Day in the Life of Defending Your Endpoints.”