Page 74 - Cyber Defense eMagazine April 2021 Edition

EDR is an important endpoint security control for monitoring and protecting endpoints, but the technology struggles to identify an attacker who is not behaving differently from the legitimate user of the breached system, and who moves laterally using authentic credentials over normal connections and pathways. Furthermore, EDR is increasingly targeted by attacker techniques that disable or circumvent it as part of beachhead establishment and persistence.

          How to change from reactive defense to active defense

MITRE, the 62-year-old nonprofit that creates engineering and technical guidance for the U.S. government, recently published an active defense-focused knowledge base it calls Shield. MITRE Shield is a set of best-practice recommendations for organizations, aimed at everyone from practitioners to executives. Shield includes structured elements such as data tables connected by links, as well as less structured, but no less important, concepts and explanations, such as those found in blog posts. It includes recommendations for basic cybersecurity hygiene as well as advanced defensive techniques covering deception and adversary engagement.

The goal, wrote MITRE in its introductory blog post about Shield, is to allow “an organization to not only counter current attacks but also to learn more about that adversary and better prepare for new attacks in the future.” At its core, active defense seeks to create a hostile environment for the attacker, raising the cost of hacking to a level where it becomes unattractive to the threat actor.

Raising the cost of lateral movement with an environment that is hostile to attackers creates a situation where even sophisticated adversaries cannot move laterally without being detected. With a deterministic detection approach, an organization can gather valuable real-time telemetry to understand what the adversary is targeting, remediate, and adjust its security strategy and tactics to guard against similar attacks in the future.
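The following is an added example (not Illusive's product or MITRE Shield material) of what "deterministic detection" of lateral movement looks like in practice. It plants decoy credentials and decoy host names that no legitimate user or process ever touches; any authentication event that names one of them is a high-confidence alert, regardless of whether the account used is otherwise valid. The decoy names, the key=value log format and the sample events are all constructed for illustration and are simplified stand-ins for Windows Security events 4624 and 4625.

```python
"""Deterministic lateral-movement detection using planted decoys.

Added example, not code from the article, Illusive or MITRE. It assumes
decoys (fake cached credentials, fake RDP/SMB history entries) have been
planted on endpoints so that only an attacker harvesting and reusing them
would ever trigger an authentication event naming them.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Hypothetical decoy identities planted on endpoints (names are illustrative).
DECOY_ACCOUNTS = {"svc_backup_old", "adm_fileshare"}
DECOY_HOSTS = {"fs-archive02", "sql-legacy01"}

# Logon success / failure event IDs, mirroring Windows Security log semantics.
LOGON_EVENTS = {"4624", "4625"}


@dataclass
class Alert:
    source_host: str   # endpoint the logon originated from (the beachhead)
    account: str       # account presented in the logon attempt
    target_host: str   # host the logon was directed at
    reason: str        # why this is deterministic: decoy credential or decoy host
    raw: str           # the original event line, kept for investigation


def parse_event(line: str) -> dict[str, str]:
    """Parse a simplified 'key=value key=value' event line into a dict.

    Tokens without '=' are ignored, so a missing field just yields no key
    rather than an exception; callers use .get() with defaults.
    """
    fields: dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key.lower()] = value
    return fields


def detect(lines: Iterable[str]) -> list[Alert]:
    """Return one Alert per logon event that touches a decoy.

    Two cases are caught:
      * a decoy account is presented anywhere (even a failed logon, 4625,
        since the decoy password is fake and the attempt itself is the signal);
      * a legitimate, valid account logs on to a decoy host (the page's
        'authentic credentials over normal pathways' case).
    Non-logon events are skipped, so there is no behavioural heuristic here
    to tune; every alert is a deterministic hit on a planted artefact.
    """
    alerts: list[Alert] = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") not in LOGON_EVENTS:
            continue
        account = ev.get("account", "").lower()
        target = ev.get("target", "").lower()
        source = ev.get("src", "unknown")
        if account in DECOY_ACCOUNTS:
            alerts.append(Alert(source, account, target, "decoy credential used", line))
        elif target in DECOY_HOSTS:
            alerts.append(Alert(source, account, target, "decoy host contacted", line))
    return alerts


# Constructed sample telemetry: one compromised workstation (ws-0117) first
# works normally, then tries a harvested decoy credential, then reaches a
# decoy host with a genuinely valid account.
SAMPLE_LOG = [
    "event=4624 src=ws-0117 account=jdoe target=fs-prod01 logontype=3",
    "event=4625 src=ws-0117 account=svc_backup_old target=fs-prod01 logontype=3",
    "event=4624 src=ws-0117 account=jdoe target=fs-archive02 logontype=10",
    "event=4688 src=ws-0117 process=cmd.exe",
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert.reason}: {alert.account} from {alert.source_host} -> {alert.target_host}")
```

Note that the second and third sample events are exactly the ones a behavioural EDR has trouble with: one is a routine failed logon, the other a successful logon with a real user's credentials. Neither stands out statistically, but both name a planted artefact, so the verdict does not depend on a baseline or a threshold. In a real deployment the decoy list would be generated and rotated centrally, and the parser would read Security event XML or a SIEM export rather than this constructed format.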

The SolarWinds attack shows that existing security controls fall short in ensuring adequate credential and connection hygiene and in preventing undetected lateral movement.

Organizations need to adopt an active defense strategy to make it more difficult for attackers that have established a beachhead to move laterally without detection and achieve their objectives.


                                               About the Author


For more than 25 years, Jeff has led teams that pioneer disruptive network, data, and security solutions to improve the performance and security of infrastructure and organizations. Now, as VP of Product Marketing for Illusive, Jeff is focused on helping organizations understand how adopting an offensive security strategy with Active Defense can change the game on the attackers, giving the defenders a long overdue advantage.

                                               Learn more about him at https://illusive.com/






Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.