It is no longer enough to understand how you are being attacked; you need to understand who is attacking you and why. It is only through this understanding that a successful defence can be undertaken, says Jayson O’Reilly, director of Sales and Innovation at DRS.
“If you know who they are and what they want, you have a far better chance of stopping them. A hot topic for the security industry currently is the notion of active defence, which aims to protect a company’s information, not only from the malicious software that is out there, but from the actual people behind the code.
“Unfortunately, most defence techniques fail, because in order to defend the business 100% of the time, you would need to be right 100% of the time. Threat actors need only be right in a single instance. However, defending against the attacker himself would reverse this paradigm.”
O’Reilly says currently, security is a catch-up game. “Companies are trying to prevent everything, and there is just too much. Too often, resources are spread too thin, and the company ends up preventing nothing. Businesses spend billions on the latest threat prevention or mitigation technologies, only to find the attackers have already figured out ways to bypass them. Pinpointing the adversary, and building a solution specifically to defend against them, could be a silver bullet.”
He says knowing who is attacking you, and what they are after, would completely change the way you defend yourself. “You could identify your weak spots, and focus resources there, which would lower expenses and offer more successful protection.”
However, O’Reilly says identifying the attacker would require threat intelligence and analysis that is beyond the means of the average business.
“One way of getting effective threat intelligence would be to combine current threat intelligence gleaned from SIEM systems and network monitoring with big data analysis. This would enable an organisation to see whether they are being attacked by a particular foe or not, and enable it to formulate a more effective defence strategy.”
Currently, very few security companies claim to be able to identify specific threat actors, he says. “Knowing your attacker’s identity and motivation is invaluable to developing an effective defence.
“Today’s cybercriminals are tenacious and determined. Fight them successfully once, and they will only be back for more. Understanding a bit about them, and knowing if you are in fact the victim of a persistent attacker, can be extremely helpful in formulating a defence.”
He says most persistent attackers will have several indicators of compromise – they will use the same techniques or tools.
“Even though successful tools and techniques will be adopted by other attackers, understanding the author of the tools will help mitigate all attacks that employ them. Much of today’s malicious software is automated, randomly attacking machines depending on their vulnerabilities.
“These attacks can be dealt with using products and solutions from several vendors, but more sophisticated threats need an understanding of who is behind them, and what their motivations are, to successfully defend against them.”