FEATURE: THREAT ASSESSMENT
NIMBLE ATTACKERS CAN EASILY CREATE AND HIDE THEIR EXPLOITS IN AN INFINITE NUMBER OF WAYS.
systems, such as Heartbleed or Duqu 2.0. These vulnerabilities are virtually impossible to detect via signatures because signatures only stop known threats.
Creating new signatures is a tried and tested solution. It’s the bedrock of everything from antivirus software to next-generation firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). However, signatures are always several steps behind attackers and can create a false sense of security.
Focus on attacker behaviour
Attackers can change malware, search for unknown vulnerabilities and steal data from systems they have permission to access. But they can’t change their attack behaviours as they spy, spread and steal from a victim’s network.
These behaviours can be observed, giving organisations real-time visibility into active threats inside their networks.
Today, the savviest organisations complement their signature-based defences with automated threat management. They stay up to date on prevalent attacker Tactics, Techniques and Procedures (TTPs) from evidence-based sources like the MITRE ATT&CK framework, to hypothesise possible attacks and put appropriate controls in place.
36 INTELLIGENTCIO www.intelligentcio.com