Intelligent CIO Africa Issue 42 | Page 36

FEATURE: THREAT ASSESSMENT

NIMBLE ATTACKERS CAN EASILY CREATE AND HIDE THEIR EXPLOITS IN AN INFINITE NUMBER OF WAYS.

systems, such as Heartbleed or Duqu 2.0. These vulnerabilities are virtually impossible to detect via signatures, because signatures only stop known threats.

Creating new signatures is a tried and tested solution. It's the bedrock of everything from antivirus software to next-generation firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). However, signatures are always several steps behind attackers and can create a false sense of security.

Focus on attacker behaviour

Attackers can change malware, search for unknown vulnerabilities and steal data from systems they have permission to access. But they can't change their attack behaviours as they spy, spread and steal from a victim's network. These behaviours can be observed, giving organisations real-time visibility into active threats inside their networks.

Today, the savviest organisations complement their signature-based defences with automated threat management. They stay up to date on prevalent attacker Tactics, Techniques and Procedures (TTPs) from evidence-based sources like the MITRE ATT&CK framework, to hypothesise possible attacks and put appropriate controls in place.