Page 68 - Cyber Defense Magazine for August 2020
Fortunately, information security professionals still have a range of tools and techniques they can use to
help prevent breaches and to mitigate them when they do happen.
Many attack scenarios, especially those involving remote access, start by targeting the users
themselves. Many penetration testers will tell you that users are the easiest target and the first thing
they go after. But this also gives an organization the opportunity to convert its user base from part of
the attack surface into a first line of defense. Training users on best practices (recognizing phishing
and credential-theft attempts in particular) and enforcing strong multi-factor authentication on remote
access can go a long way toward preventing unauthorized access.
For many organizations, the Security Operations team, rather than the users, is the main line of
defense. Even when some or all of those services are provided by a third party, the in-house team retains
ultimate responsibility for the organization's security. That means ensuring they have the right tools
and the right training is as important as making sure the users are trained and equipped. The question is
whether those tools and that training are suited to identifying and mitigating attacks that have now
shifted to target the remote workforce.
The threats they have historically focused on have not disappeared, but they may no longer be the
primary attack surface. Likewise, the tools used to identify and mitigate attacks on the corporate network
may no longer be the best ones now that the attacker's focus has shifted to remote endpoints, home
networks and remote-access infrastructure.
Threat actors have become increasingly skilled at compromising systems and then keeping their activity
"below the radar" to avoid detection. That is easier now that a remote workforce gives them both a target
and cover: sign-ins from unfamiliar networks, new devices and odd hours are routine for remote workers,
so no single one of them stands out any more. The SecOps team therefore needs to look at the situation
holistically rather than relying on single indicators of compromise.
To that end, a security analytics platform that consolidates all the organization's security data
(identity, endpoint, VPN and cloud logs) in one place and runs AI-based analytics across the entirety of
that data may be in order. By looking at the information together, it is possible to identify behavior
that differs subtly from what is expected, or accepted, for a given user, which can be the first indication
of a compromise. Using machine learning techniques, the system can adapt its baselines as the threat
surface changes and present a risk-based assessment to the SecOps team.
Combined with their existing tools and efficient automation, security operations personnel can get ahead
of an attack to keep a single compromised account or remote access system from escalating to a serious
data breach.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.