By Manikyala Rao, Architect - Cyber Security, Happiest Minds Technologies
Headquartered in Bengaluru, Happiest Minds Technologies enables Digital Transformation for enterprises and technology providers by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of disruptive technologies.
We live in a world of highly sophisticated attacks, complex IT systems and huge amount of critical data increasing with every passing moment crucial to an organization. Keeping cyber attackers out of IT environment is a near impossibility these days. No matter how good an organization’s cyber defences are there is a high chance that it will be breached at some point. Custom crafted hacking can pass by traditional threat detection tools and exploit inherent weakness in modern networks. In such scenarios, a single compromise can result in significant damage with devastating results (and/or losses) for the business.
Why Prevention is not enough
Most organizations, across industries, are vulnerable to cybercrime and espionage with the advanced threat landscape that has been active for decades. If an organization assumes realistically that at some point they will breached, then logically CISOs need to reinforce their security measures. Over years organizations have focused their efforts in preventing their systems from being compromised by more effective password policies, system patching and more securely written applications but the preventive activities have not solved all problems. As threat prevention technology gains critical mass, hackers will always find ways to circumvent. Moreover, advanced threat agents with their range of technical tools, tactical sophistication and high degree of organizational skills are well resourced enough to plan and execute specific attacks. Cyber security analysts have been skeptical about threat detection tools and technologies for effective threat prevention with most considering it a cyber-security band-aid on the threat landscape bullet hole.
This does indicate that traditional signature based endpoint protection solutions and scanning tools may not be solely sufficient to protect advanced persistent threats and zero-day attacks. Detecting attacks requires security teams, to rely less on passive forms of threat detection. Instead organizations must actively keep tabs on their IT environment for any signs of malicious activity. However cultivating new capabilities when it comes to data analysis and incidence response can prove to be difficult for security teams. For most IT security teams, prioritizing problems given the various constraints under which they operate is a big issue. The question that plays on most CISO’s mind is: How vulnerable is my organization’s IT infrastructure?
Where Do We Go from Here?
Organizations who want to maintain a secure IT operation in this risk laden environment, needs to maintain a set of security controls customized to meet today’s work environment requirements. Organizations must implement a strategy that covers: Quick response, detection of potential threats automatically, effectively stopping malware execution and leveraging a combination of real-time visibility and historical data to generate alerts that can reduce impact of an attack. Utilizing endpoint threat detection and response software is one of the best ways to take care of the treat landscape, as it allows for a comprehensive way to fight against a variety of different exploits hackers can use to gain access to an organization’s network.
Intelligence driven security in threat detection and response is the need of the hour and organizations should advance their capabilities in constant and comprehensive network and endpoint monitoring. Two distinct product categories across gen next endpoint security are advance prevention and advance threat detection and response. While a number of firms gravitate towards the first one, most big scale organizations have been evaluating, testing and deploying ETDR.
Traditionally, the endpoint has been a desktop computer, but as we all know, today’s business environment thrives on BYOD culture. Today, enterprise endpoints include any device that can access the IT infrastructure from tablets to smartphones. This rapidly changing landscape is resulting in multiplying IT security risks as enterprises have more and more endpoints to monitor in their environments. Employees and associated resources who use personal devices like their mobile to access an organization’s infrastructure and services can unwittingly help hackers gain an entry even if they follow strict protocols.
How can Enterprises Address ETDR?
Organizations need to be clear with their employees on what is expected of them when they access and utilize the corporate IT infrastructure and services. Management must set rules, regulations and expectations regarding employee behaviour when accessing corporate data using official or personal device. Employees need to be properly educated and trained on corporate IT security policies. In quite a few cases, enterprises have been unaware that they have already been attacked. Highly sophisticated and malicious software can lurk for months within an enterprise in stealth mode, observing and recording the daily routines of end-users. Common tactics used by hackers include sending an infected email as bait to employees hoping to gain access and navigate through the enterprise infrastructure infecting administrative computers. Once a malicious malware is installed, it can record data such as keystrokes and take screen shots of employee workstations, enabling hackers to learn and understand corporate procedures. Malware can also enable hackers to control end-user workstations remotely.
Major security incidents that have been reported are mostly the result of human error or deception. Today, enterprises cannot assume that individual resources will do the right thing. Unless trained categorically, employees may not be aware of what the right thing is or not know what wrong thing needs to be avoided. Therefore, well-documented security policies that are repeatedly enforced are fundamental. Various forms of awareness and trainings need to be conducted, as the hackers change the tricks almost daily.
As an organization prepares to select and deploy ETDR, it can use the opportunity to access the state of the organization’s current security program on the following dimensions viz – oversight, technology, process and people. The products and vendors chosen can thus work within that technical environment and culture. Numerous EDR products are available today, of which some points should form an integral part of a top products for advanced detection and response must have:
1. Strong data management models
2. Massive scale
3. Open integration
4. Built in analytics
ETDR can help organizations achieve high standards of security. Once an organization has clarity on potential threats it can support the IT security team with a set of harmonized tools and processes, thus developing an agile security which can help them operate confidently in the digitized business world.