Security leaders often struggle to create efficient and effective security operations that will stop the adversary. As the business and threat landscape evolves, many throw junior people and tools like EDRs and SIEMs at the problem to try to keep pace, but mid-sized organizations are falling behind. There are many layers to this problem, including the growing attack surface, the increasing sophistication of attacks, the massive amount of data that doesn’t translate into meaningful response, and the growing shortage of the right resources.
How can you ensure you’re stopping threats effectively? How can you build your security environment to succeed?
During our recent fireside chat on cybersecurity essentials, Adam Mansour, ActZero’s Head of Sales Engineering and vCISO, shared some hard-won guidance on common issues plaguing mid-sized organizations’ efficiency and effectiveness at stopping an adversary. He covered techniques to detect compromises, recommendations to achieve greater threat coverage, and discussed how to improve security effectiveness.
New techniques needed to beat the adversary
Your first step to beating cyber adversaries is to start with the attack surface: protect your endpoints, networks, and cloud, 24 hours a day in every direction.
To do this, you need to utilize the most cutting-edge tools you can afford. Look for best-in-class detection methodologies that can swiftly adapt to the adversary, built on machine learning and AI, and solid data science that makes you as resilient as possible so that any attack that does beat your security design is minimized in its impact.
If you look at the way various cybersecurity technologies have evolved, whether it’s endpoint detection and response (EDR), security information and event management (SIEM) technology, or even just antivirus, we now have the ability to collect and leverage a lot more data, almost in the way a plane’s flight recorder does. This lets us look back at attacks to figure out what happened and to harden our systems against similar attacks. However, these technologies are still lower-level techniques that don’t prepare or protect you against new, emergent attacks. As the tools and techniques of your adversaries get more sophisticated, you have to likewise level up your cybersecurity maturity to defend your systems.
A skilled InfoSec person or security engineer in-house is probably at the point where they can analyze attacks, understand how they work, and run basic tests to harden systems. But, despite their best efforts, they will remain a step behind most adversaries because their ability to enable and leverage automation—which would push your defences into the top levels of cybersecurity maturity—is limited. What your skilled InfoSec person needs is the support of a data science team, like the one ActZero provides, to shore up your defence with machine learning, which is beyond the experience and skills of most in-house staff.
Three essential takeaways
So what are the key things Adam recommended in his fireside chat that you should keep in mind when preparing to beat the adversary?
- Acquire cutting-edge tools, best-in-class detection technology
Protect your endpoints, network, and cloud 24 hours a day in every direction. That means utilizing the latest cutting-edge tools such as machine learning and AI.
But, just as importantly, when you’re investing in tools, understand whether those tools can increase your cybersecurity maturity level. While there’s no silver bullet, having a solid understanding of your tools will help you stay a step ahead of the adversary and prevent you from hitting a ceiling.
- Understand and resource shared responsibility accordingly
Always focus on robust hardening techniques such as software restriction policies, host firewall rules, and disk encryption, and make sure they’re spread across your enterprise.
Because even if an attacker should gain access to your network through some novel attack method or unknown weakness, you want to ensure their spread through your systems is slowed in order to minimize the impact of a breach.
- Test and validate outcomes
Cybersecurity is a balancing act. You should be conscious of the attacks you have prepared for, and those you haven’t. If you are using, for example, an incident response guide to gauge your recovery times and the kinds of attacks you’re positioned to defend against, you should also understand where gaps remain in your defensive capabilities. It’s important to know where you’ve overinvested in protection, and where you are underinvested.
When training team members, make sure the new and nuanced techniques you’re implementing are testable so you can ensure they work. By hardening systems and making your business resilient you will minimize the impact of anything that does beat your defences.
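The second and third takeaways above ask for hardening controls (software restriction policies, host firewall rules, disk encryption) that are spread across the enterprise and are testable. The script below is an added example of what such a check can look like on a single Windows host; it is not code from the fireside chat or from ActZero. It assumes an elevated Windows PowerShell session with the NetSecurity, BitLocker and AppLocker modules available (standard on Windows 10/11 Pro and Enterprise and on Windows Server), and treats either an effective AppLocker policy or a legacy Software Restriction Policy with a Disallowed default level as satisfying the software-restriction control.

```powershell
# Added example: audit three host-hardening controls and report pass/fail per control.
# Assumption: run elevated on Windows with the NetSecurity, BitLocker and AppLocker modules.

function Test-HostFirewall {
    # Every firewall profile (Domain, Private, Public) should be enabled, and
    # inbound traffic should not be allowed by default.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Control = "Host firewall ($($_.Name))"
            Pass    = ($_.Enabled -eq 'True') -and ($_.DefaultInboundAction -ne 'Allow')
            Detail  = "Enabled=$($_.Enabled) DefaultInbound=$($_.DefaultInboundAction)"
        }
    }
}

function Test-DiskEncryption {
    # Each BitLocker-capable volume should be fully encrypted with protection on.
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            Control = "Disk encryption ($($_.MountPoint))"
            Pass    = ($_.ProtectionStatus -eq 'On') -and ($_.VolumeStatus -eq 'FullyEncrypted')
            Detail  = "Protection=$($_.ProtectionStatus) Status=$($_.VolumeStatus)"
        }
    }
}

function Test-SoftwareRestriction {
    # Pass if an effective AppLocker policy contains at least one rule, or if a
    # legacy Software Restriction Policy sets the default level to Disallowed (0).
    $appLockerRules = 0
    try {
        $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop
        $appLockerRules = [int](($policy.RuleCollections | Measure-Object -Property Count -Sum).Sum)
    } catch {
        # AppLocker module missing or policy unreadable: fall through to the SRP check.
    }
    $srpKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $srpLevel = (Get-ItemProperty -Path $srpKey -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
    [pscustomobject]@{
        Control = 'Software restriction (AppLocker or SRP)'
        Pass    = ($appLockerRules -gt 0) -or ($srpLevel -eq 0)
        Detail  = "AppLockerRules=$appLockerRules SrpDefaultLevel=$srpLevel"
    }
}

function Test-HostHardening {
    # Collect every finding so a fleet tool can aggregate them across hosts.
    @(Test-HostFirewall) + @(Test-DiskEncryption) + @(Test-SoftwareRestriction)
}

$results = Test-HostHardening
$results | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or endpoint management tool flag the host.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

Running this from a scheduled task or endpoint management tool on every host, and collecting the per-control results centrally, is one way to confirm that a hardening technique is actually deployed everywhere rather than only on the machines someone remembered to configure.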
Your goal, in short, should be making it harder and more expensive for hackers to hack you. The harder it is to breach your systems, the more likely they’ll give up and go elsewhere.
EDRs and SIEMs are not enough
Most companies use SIEMs and EDRs…and get endless false positives and alerts. That’s simply inefficient for mid-sized organizations to deal with.
What you need to beat today’s adversaries are machine learning, AI, and robust data science. That’s how faster and more effective detection and response are achieved.
With ActZero MDR (managed detection and response), you'll reach that upper tier of security as quickly as any other method, as our service includes machine learning models and AI models. But the data science behind our MDR has tuned our product to make it even more efficient—and that constant improvement over time is a huge differentiator from other services, making our MDR more efficient than traditional SIEM and EDR.
MDR plus machine learning is the next level of detection capabilities that you need to beat the adversaries.
For additional insights and resources to harden your systems against a cyberattack, watch the full fireside chat on demand now.