Most organizations today focus on protecting their networks against malware, exploits, malicious websites, and unpatched vulnerabilities. Unfortunately, there is a fundamental flaw with this approach: a malware-centric defense approach will leave you vulnerable to attacks that don’t leverage malware.
If your security tool is just setting up a perimeter and trying to fend off malware, then you could have an undetected intruder on your network for weeks, months, or years. These types of attacks have happened in the past, but businesses still seem to miss the point that the threat extends beyond just malware. As we detailed here, data theft can be accomplished without any malware at all, purely by leveraging common and legitimate Windows administrative tools such as WMI or PowerShell scripts.
The opportunity to keep an attacker from doing reconnaissance on your network, stealing credentials, and moving laterally occurs when you can actually detect the breach and stop it before any theft of IP or actual destruction of your network takes place. Unless you have what it takes, in terms of technology and people, to identify breaches within seconds of them occurring, regardless of whether malware is used in the attack, you will ultimately lose.
Defending against malware-free intrusions requires you to enable next-gen endpoint protection built on three core principles:
100% CLOUD-BASED ARCHITECTURE
- Allow for frictionless deployment of a lightweight, zero-impact sensor to hundreds of thousands of endpoints in minutes
- Provide seamless and continuous detection, prevention, monitoring, and search capabilities
- Correlate billions of events and petabytes of data in real time
INDICATOR OF ATTACK (IOA) APPROACH
- Move from a reactive Indicators of Compromise (IOC) approach to a proactive Indicators of Attack (IOA) detection strategy
- Focus on identifying adversary objectives, as opposed to simply detecting malware tools or the presence of post-breach IOCs
- Allow for IOA detection of attacks in progress, providing the ability to spot an attack prior to a devastating data breach
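To make the IOC-versus-IOA distinction concrete, here is an added example (not code from the original post) that runs both checks over a few constructed endpoint events. The hash blocklist, the tool-to-objective mapping, the event fields and the attack chain are all assumptions for illustration: the point is that a chain of legitimate-tool behaviours from one account within a short window is flagged even though no file hash ever matches.

```python
"""IOC matching versus IOA sequence correlation over synthetic telemetry."""
from collections import defaultdict

# IOC approach: a hash blocklist. Placeholder value, constructed; nothing in
# the events below matches because the tools are legitimate Windows binaries.
IOC_BLOCKLIST = {"00" * 32}

# IOA approach: which adversary objective a (tool, behaviour) pair indicates.
# Assumed mapping for illustration; a real deployment tunes this per estate.
OBJECTIVE_OF = {
    ("powershell.exe", "enumerate_shares"): "reconnaissance",
    ("powershell.exe", "read_lsass_memory"): "credential_theft",
    ("wmic.exe", "remote_process_create"): "lateral_movement",
}
ATTACK_CHAIN = ("reconnaissance", "credential_theft", "lateral_movement")
WINDOW_SECONDS = 600  # all three stages must occur within this window

# Constructed events: (timestamp, host, user, image, behaviour, sha256)
EVENTS = [
    (100, "ws01", "alice", "powershell.exe", "enumerate_shares", "a1" * 32),
    (160, "ws01", "alice", "powershell.exe", "read_lsass_memory", "a1" * 32),
    (400, "ws01", "alice", "wmic.exe", "remote_process_create", "b2" * 32),
    (420, "ws07", "bob", "powershell.exe", "enumerate_shares", "a1" * 32),
]


def ioc_hits(events):
    """Events whose binary hash is on the blocklist (malware-centric view)."""
    return [e for e in events if e[5] in IOC_BLOCKLIST]


def ioa_hits(events, window=WINDOW_SECONDS):
    """(host, user) pairs whose observed objectives cover ATTACK_CHAIN in
    order within `window` seconds, regardless of which binaries were used."""
    by_actor = defaultdict(list)
    for ts, host, user, image, behaviour, _ in sorted(events):
        objective = OBJECTIVE_OF.get((image, behaviour))
        if objective:
            by_actor[(host, user)].append((ts, objective))
    hits = []
    for actor, sequence in by_actor.items():
        stage, start = 0, None
        for ts, objective in sequence:
            if stage and ts - start > window:  # chain went stale; start over
                stage, start = 0, None
            if objective == ATTACK_CHAIN[stage]:
                start = ts if stage == 0 else start
                stage += 1
                if stage == len(ATTACK_CHAIN):
                    hits.append(actor)
                    break
    return hits
```

On this input `ioc_hits` returns nothing while `ioa_hits` flags `("ws01", "alice")`; shrinking the window to 200 seconds drops the hit, which is the knob a detection engineer would tune against false positives.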
24/7 VISIBILITY, MONITORING, AND RESPONSE
- Integrate intelligence and expertise to provide context and assign priority to threat response
- Measure time to response in milliseconds, and time to remediation in minutes or hours, not days, weeks, or months
- Prioritize attack indicators instantly
These core areas are no longer just part of an emerging approach but critical building blocks for effective cyber defense. In order to protect against today's advanced attacks, organizations need to implement a next-gen security architecture and ask security vendors to prove their effectiveness in detecting adversary activity, including malware-free intrusions.