This is a summary of an article that first appeared in SecurityWeek on December 07, 2018.
Digital devices and infrastructures continue to be woven deeper into every aspect of our lives, whether through connected homes, cars, and mobile devices, or through their expanding role in business, government, and even critical infrastructure. One outcome is that the stakes in the ongoing battle between cybercriminals and security professionals continue to rise. A breach no longer merely damages an organization's reputation and bottom line. Now and into the future, a successful cyberattack has real potential to disrupt interconnected economies, shut down essential services, or even cause physical harm.
The classic problem is that the playing field is dramatically uneven. Cybercriminals only need to find a single weakness in a security strategy to achieve their goals, while defenders have to stop 100% of threats 100% of the time. And because attacks are becoming increasingly sophisticated and often target multiple threat vectors simultaneously, the imbalance between these adversaries continues to grow.
Last fall, Fortinet predicted a number of emerging threats that may be game changers if we don't change our tactics. They include swarmbots (semi-autonomous botnets made up of clusters of compromised devices with specialized skillsets that can work collectively to solve problems), the commoditization of fuzzing (a process for discovering zero-day vulnerabilities in hardware and software interfaces and applications), and machine-learning poisoning (training automated security devices to intentionally overlook certain threats).
The traditional process of identifying a threat and then developing a counter-defense, or even attempting to anticipate and neutralize new attack strategies, is becoming obsolete. Defenders need to approach this problem from an entirely new direction. One possible approach is to adopt strategies and solutions that address and disrupt the economic drivers of the criminal community.
For many criminal organizations, attack techniques are evaluated not only in terms of their effectiveness, but also in terms of the overhead required to develop, modify, and implement them. In short, in many ways they function like legitimate businesses. Knowing this, one defensive response is to make changes to people, processes, and technologies that impact the attacker's economic model.
In his SecurityWeek byline, John Maddison outlined three strategies for defending against tomorrow’s threats:
One economic model used by cyberattackers depends on reducing the risk of discovery. Since the time between breach and exploit continues to shorten, one strategy with real potential is to simply slow attacks down. Deception strategies can generate dozens of enticing false targets combined with tripwires that force attackers to slow down, allowing attackers and malware to be quickly identified and removed.
Building new attacks is expensive. Instead, cybercriminals maximize their investment in an attack by making minor changes to their malware. Even something as basic as changing an IP address can enable malware to evade detection by many traditional security tools. The continued success of known exploits is a testament to the effectiveness of this strategy.
The better threat intelligence becomes at identifying entire attack families, the more difficult it becomes for cybercriminals to evade detection by simply adjusting their existing attack tools and strategies. Applying behavioral analytics to threat intelligence to predict the future behavior of malware can preempt new attacks and force cybercriminals back to the drawing board.
The final approach is to engineer as much risk as possible out of your current network by moving from implicit trust to a zero-trust model. This includes implementing multi-factor authentication, deploying network access control, and adopting automated, intent-based segmentation and microsegmentation. It begins with integrating traditionally isolated security devices into a single, integrated architecture. Tools that can actively correlate threat intelligence and respond as a single, integrated system are much more effective at combating even the most advanced threats.
Getting out of the trap of security brinksmanship requires organizations to rethink their security strategies. Rather than reacting to each new attack, organizations need to target the economic motivations of cybercriminals by anticipating their attacks and thereby forcing them back to the drawing board. This starts with a cohesive security fabric that can gather and share threat intelligence, perform logistical and behavioral analysis, and feed that information back into the system to preempt criminal intent and raise the cost of doing criminal business.
For more details on how to change the cybersecurity paradigm in your favor, read the full article entitled, “Preparing for Tomorrow's Threats Today” written by Fortinet’s John Maddison.