Page 21 - Cyber Defense eMagazine - December 2017

The Attivo ThreatDefend platform provides in-depth threat intelligence, which saves time by automating the gathering of TTPs, attack analysis, and correlation of IOCs that can then be used to accelerate incident response. Threat intelligence and forensic evidence capture and catalogue attack activity to support understanding the attacker's objectives, which can be used to strengthen overall security defenses. Integrations with firewalls, security and event management systems, network access control products, and endpoint detection solutions empower the sharing of attack information to automate blocking and isolation of infected endpoints, as well as threat hunting. The ThreatOps™ solution can create repeatable playbooks, simplifying incident response and negating the need for additional resources to mitigate an attack.





Protection Time (Pt) and Exposure Time (Et)

As you now know, either we must go faster in our Detection Time and Response Time or we must make breaches go slower. So think about this: the amount of protection you have on your network to keep prying eyes and cyber criminals from stealing the data is your best chance of not being robbed, just like having a strong vault at the bank. However, a strong vault is not enough. If someone steals the keys to the vault (keyloggers, malicious insiders, spear phishing dropping remote access trojans, or RATs), where does that leave you? Extremely vulnerable from the inside out. So we need to increase our Protection Time (how long it takes to breach us), and it must be greater than our Detection Time plus Response Time, or we lose and the cyber criminals win.


Pt must always be greater than Dt plus Rt, or:

Pt > Dt + Rt

and if we can’t find ways to speed up our detection and response to be faster than the cyber criminals, we’re completely exposed. That’s why I’m so excited about Honeypots and the commercialization of Deception technology by Attivo. Expect this to be an





                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.