Boost 'immune system' tech to suss out threats
Firewalls are simply not enough to protect your business network
The critical word in advanced persistent threat (APT) is "persistent" - these are sophisticated threats that are getting into your network and staying there, undetected.
Perpetrators often acquire legitimate user credentials or gain access through unprotected software or hardware, allowing them to easily bypass traditional security tools such as firewalls.
Once these threat actors are inside the network, it becomes extremely difficult to distinguish their behaviour from that of legitimate network users.
These attackers can then move laterally and silently within the organisation's network for weeks or months, conducting reconnaissance and searching for critical information, before eventually executing an attack or exfiltrating data.
It can take up to 230 days for a company to realise it has been breached and critical systems compromised.
At Darktrace, we once started working with a customer, only to find that there was a sophisticated threat inside its network that had been there for eight years.
Unfortunately, there have been a lot of sophisticated attacks all over the world, many of which have made headlines recently. The holy grail is to find these things early, before they escalate into crises.
We worked with a bank in Italy, which had experienced an advanced cyberthreat involving the large-scale exfiltration of sensitive data to a group of unidentified computers.
Legitimate user credentials were used to send large volumes of data outside the organisation via Facebook. The Enterprise Immune System detected anomalous behaviour within minutes and issued a threat alert, which enabled the bank's security team to stop the emerging threat.
Another example is a law firm that discovered its video conferencing system had been compromised and had been live streaming all the conversations to an unknown location from the boardroom for a week.
The education sector is full of intellectual property, and many of these organisations are also looking to enrich educational experiences by allowing students to use personal devices on the network and embrace digital applications to better facilitate learning.
All of this simultaneously creates more network vulnerabilities and opportunities for cyber attackers, adding pressure on lean infrastructure teams responsible for protecting users and sensitive data.
The reality is, cyberthreats are getting more advanced by the day.
The reality is cyberthreats are getting more advanced by the day.
Businesses need to understand that they can't catch every threat as it gets into the network. It is no longer possible to predefine what "bad" looks like in advance and stop these threats from getting into the network.
Organisations must therefore turn to "immune system" technology, underpinned by machine learning and artificial intelligence, to spot APTs and emerging attacks that hide within noisy networks.
The technology automatically learns a network's normal "pattern of life". Once an evolving baseline has been established, the technology alerts systems administrators to anomalies, with each alert highlighting how serious a threat might be.
This means that previously unidentified threats can be detected, even when they go unnoticed by traditional security tools.
This "immune system" technology also automates many of the responses that once required humans, such as isolating a compromised server from the Internet for the time being, buying the security team time to investigate the threat.
Automation is absolutely critical.
The writer is managing director, Asia Pacific, Darktrace, a security company.