The changing nature of cyber attacks necessitates faster, more agile defense.
Today’s adversaries often have unlimited time and resources to identify vulnerabilities within networks and discover new ways to bypass standard technologies without getting caught – living in organizations’ networks for days, months and even years without detection. We’re experiencing an epidemic.
As cyber threats continue to grow in sophistication and attack techniques evolve, becoming faster, stealthier and more successful against traditional security methods, organizations need a different approach to stop breaches. Cloud-based technologies offer a unique and distinct advantage in delivering speed, efficacy and response capacity. Combining managed use of cloud computing for threat intelligence aggregation and sharing and machine learning and applied behavioral analytics offers promising, new approaches to closing security gaps and avoiding silent failure.
Traditionally, antivirus focuses on detecting signatures and known threats or Indicators of Compromise (IoCs). Imagine that a burglar is targeting a home – an IoC is a broken window. By the time the IoC is detected, the burglar has already done damage to the home. It’s a reactive method of tracking intrusion activity, which only tells the homeowner if they have already been compromised. In the case of a data breach, IoCs may include a variety of intrusion evidence left behind, including the presence of malware, signatures, exploits, vulnerabilities and IP addresses. These IoCs constantly change as attackers’ techniques evolve. New exploits, signatures or versions of malware can be crafted and deployed within minutes, making securing business information based on IoCs nearly impossible.
To avoid damage, organizations need unified and comprehensive prevention, detection and response capabilities. They need technologies and practices in place to be alerted of the footsteps of a robber around their house – an Indicator of Attack (IoA). For organizations, IoAs are signs of an attack underway, such as code execution, persistence, stealth, command control and lateral movement within a network. By tracking a series of actions that indicate malicious activity – be it through machine learning prevention or behavioral-based defense – organizations can stop both known and unknown threats. Next-generation security allows the homeowner to detect an attack in progress, and stop the burglar before they get anywhere near the window.
The Cloud Advantage
By delivering endpoint protection capabilities via a cloud-based architecture, businesses are able to quickly scale and expand their defense, if needed. The cloud also enables organizations to track adversaries as they test new attack strategies. Generally, attacks are carried out in multiple stages and each attack, whether or not its successful, offers the adversary a chance to evolve. They can determine at what point their actions were detected – i.e. when a burglar breaks the window to a house – and adapt their methods to avoid this action moving forward – that burglar may decide to pick the lock on the next house they target. But the full visibility into the endpoint enabled by the cloud allows analysis of each stage of the attack and then, the crowdsourcing of prevention to all endpoints within the cloud.
The cloud also disrupts the standard attack model adversaries follow. It enables the collection and analysis of billions of security events in real time that sharpens machine learning algorithms, IoA-based prevention, and detection and response capabilities, ultimately leading to more agile, faster, and more comprehensive defense.
With a highly scalable, proactive, cloud-delivered cyber defense, businesses have the power to stop even the most advanced attackers from doing damage. As trends like BYOD and telework drive an increasingly borderless network environment and well-funded threat actors become more advanced, taking a unified, proactive, cloud-based approach to security is a necessity. Businesses need to move faster than their adversaries, leveraging advanced methodologies and techniques to amplify defenses.
About the Author
Amol Kulkarni is a seasoned engineering executive with extensive experience building large-scale big data enterprise cloud platforms, consumer cloud services and enterprise products while knitting together world class, high performing global engineering teams. Amol is currently the Vice President Engineering for CrowdStrike, overseeing the company’s engineering organization and customer facing technology infrastructure. Prior to joining CrowdStrike, Amol held numerous senior positions at Microsoft (News - Alert). Most recently, he was responsible for the knowledge platform in Bing driving significant gains for Bing’s U.S. search market share. Amol also held senior roles in Windows Azure and BizTalk Server, helping reduce COGs and improve developer productivity.