
Three Things and No More Ransomware

May 15, 2017

After all the traditional security infrastructure is scraped aside (not because it doesn’t work, but because it doesn’t work WELL), there are three things that an enterprise (or really ANYONE) should do to protect their network. These three things are not the obvious ones like taking backups of your files, patching your software, etc. These are three things that people just don’t do, mostly because they don’t know that this technology exists:

  • First, open your eyes and your ears for things that are happening in your company that may be suspicious or malicious. In other words, watch your network. Who is in it, what are they doing, where are they connecting, where are your files going, how is the network being used? That requires data collection... lots of it. But you need to be able to do something with the data. Data is of no use if you cannot gain actionable intelligence from it.
  • Secondly, start being PROACTIVE. When you take this step, you are assuming that you are already compromised and that now you are just trying to find the breach. This is called cyber threat hunting. You need to find malware before it becomes an active attack. Even if it is lying latent in a machine, you need to hunt it down. Traditional security solutions have to wait for an attack before they can spot malware... that is, IF they can even find it. Most semi-sophisticated attacks today happen in memory. They avoid disk, just like the NSA expression “DEATH BEFORE DISK”. Threat actors like to play in memory because they know that most security tools don’t or can’t look there.
  • Finally, and this one is quite simple... clean your incoming email. 94% of all cyber attacks come in via email. Why? Because it works. Phishing works very well. People are busy and increasingly less diligent as they are overwhelmed with information flow. Who has time to inspect every email header for validity? Email attacks are becoming more and more realistic looking. Gone are the days of being tricked by a deposed Nigerian prince looking to get money out of his country before he is imprisoned. Phishing looks and feels legit. Spear-phishing looks and feels legit AND it is targeted, peppered with personal information usually scraped off of social media. Anyhow, assume every single email is a threat. Automatically neutralize it on the way in so that it arrives free of links, macros, scripts and malicious documents containing things like a ransomware payload.

Obviously, at CyberHunter Solutions, we can help you with all these things.  Send us a note if you want to learn more (evolve@cyberhunter.solutions).