The security ecosystem
Thousands of security bodies and security researchers work round the clock to innovate and develop an effective solution to address emerging threats. Organizations spend millions of dollars every year to enhance their security posture and tools. They keep researching zero-day vulnerabilities, building artificial neural networks (ANNs) for endpoint protection, making machine learning models for new threats, building an effective cybersecurity incident response process and awareness program, and so on.
There are four main categories of cyberattack prevention strategies:
- Reduce the attack surface: Most organizations have a regular process to conduct vulnerability scanning both externally and internally for unwanted application ports, file extension information, and platform information. This continuous process of security threat evaluation helps them to determine answers to the following questions:
-
- What are we doing different? (technology, process, application, people, and so on)
- What are the top risk applications?
- What are the security gaps in the network?
- What are the most risky users and processes?
Michael Howard (Security Business Unit at Microsoft), Jon Pincus (Researcher at Microsoft), and Jeannette M. Wing (Computer Scientist at Carnegie University) have developed a method to measure the attack surface of any application and to keep track of every change to the attack surface. They named it Relative Attack Surface Quotient (RASQ). Their work is motivated by the practical problems faced in the industry today. The approach to measure relative security between systems was inspired by Howard's informal notion of relative attack surface. They have added three attack vectors to Howard's original 17 and showed the RASQ calculation for five version of Windows.
- Complete visibility: Some of the most popular ransomware, such as WannaCry and NotPetya, uses SMB-based vulnerabilities to compromise endpoints. Although SMB is a commonly used Microsoft protocol, an organization with complete visibility can separate good SMB behavior from bad SMB behavior. Similarly, there are various anomalies that are difficult to be protected from using existing security systems; however, detection becomes the key to exposing such malicious behaviors and even helps in post-infection analysis. This strategy also improves an organization's security posture.
- Prevent known threats: Verizon's 2017 Data Breach investigation report found that 99% of malware is only seen once before threat actors modify it, and it takes both defenders and adversaries in the battlefield of non-stop cyberwar. Although high-profile cyberattacks always make breaking news and gain the attention of organizations in regard to protecting against these attacks, firewalls and antivirus software are necessary as the first line of defense for networks and endpoints.
- Prevent unknown threats: With today's advanced threats and hacking techniques, it has become a myth to say that you have protection against 100% of attacks. There are advanced and unknown threats that have never been seen before, and they even behave exactly like a legitimate user, and in order to detect and respond to such threats, organizations are adopting new approaches with the capabilities of dynamic and behavioral analysis; machine learning/deep learning; and attacker techniques, tactics, and procedures (TTPs) analysis.
In addition to these well-known and heavily adapted security technologies, several security organizations and experts are continuously exploring new ways to defend their organization's critical assets from emerging threats. The bad news is that the majority of defenders still treat them just like any other malware; however, the fact is cyberattackers have become even more sophisticated, financially motivated, and patient in nature. They have become significantly more complex to identify, they are manually executing commands and tools (criminals never take risks in the case of a bigger target), and attackers penetrate the network from multiple avenues of approach simultaneously.