How to Learn from Adversaries as they Test Attack Strategies


According to a recent Harvard Business Review report, 84 percent of enterprises have increased their Cloud usage in the past year. Fueling this major business migration to the Cloud are the well-documented cost savings, integration, visibility and scalability inherent in Cloud architecture. With the kind of IT makeover Cloud has enabled elsewhere, it only makes sense that this delivery model will also transform the way we protect the enterprise.

Here’s why Cloud makes it possible for security teams to regain control over endpoints:

#1: KEEP TABS ON AND LEARN FROM ADVERSARIES AS THEY TEST ATTACK STRATEGIES

The most prolific and effective attacks today are bankrolled either by nation-states seeking to gain information to fuel their commercial and political interests, or by well-funded and organized criminal groups that have made an art of making money from cybercrime. In both cases, these adversaries are putting their money where their mouths are and investing in the future success of their attacks.

In order to ensure they take the right tack, these attackers are buying up traditional security system software, network boxes and any other on-premises solutions they can get their hands on to figure out how they tick. By recreating mock networks and endpoint protection systems of victims they’re seeking to target, they find all the ways they can bypass these technologies. These adversaries are able to run dozens or hundreds of mock attacks in their labs without anyone knowing what they’re doing. From there, that information turns into a blueprint to execute attacks in the real world.

Fundamentally, every single on-premises technology will fail in response to that type of attack, because if someone has unlimited time and resources to find a vulnerability, chances are that they will ultimately find it. The Cloud disrupts this attack model. With a Cloud security solution, the adversaries may be able to acquire the endpoint sensor software, but when they install it in the lab and run mock attacks, the security provider can see every single attack.

It’s possible, then, to observe the attackers’ tactics before they’re ever launched in the wild. The first time they run an attack, it’s recorded, analyzed and shared with sensors on every defender’s machine, preventing that attack from being used again. In this way the Cloud model changes the fundamental offensive-defensive asymmetry and flips the advantage from the attackers to the defenders.

Why must endpoint security move to the cloud? Download the full white paper here for all 5 reasons.

 
