Prevent, detect and respond: cybersecurity’s triple strategy

Ransomware attacks are more sophisticated and innovative than ever – so cybersecurity solutions need to be just as complex and creative

Sponsored Article

28th November, 2021

Two-thirds of organisations have been the target of at least one ransomware attack in the last year. As a result, threat detection has had to change and adjust.

This statistic becomes even more damning when comparing threats regionally. According to Fortinet’s 2021 Global State of Ransomware report, EMEA businesses are more likely to become victims of ransomware than their North American counterparts (79 per cent compared to 59 per cent, respectively).

Long gone are the days of the ‘silver bullet’ solution that could cover most threats. Threat actors are more sophisticated and innovative than ever before, and it takes a full suite of solutions plus a prevent, detect and respond cyber strategy to mitigate against this prolific ransomware threat.

The game of entrapment

Threat detection and deception are fast becoming a popular and effective means for businesses and other organisations to combat the growing ransomware threat and prevent an attack from penetrating further into their networks. Deception technologies work by entrapping cyber criminals and lowering their guard, turning the exact malware strain they would use against them.

A further benefit is that this breaks the kill chain and supports IT and cybersecurity teams in the day-to-day running of the network. Prevention means understanding those malware strains through up-to-the-minute intelligence and recognising where an organisation’s vulnerabilities may lie.

Ransomware often uses sophisticated techniques and tactics to penetrate an organisation and compromise an endpoint. But the end goal is really to encrypt an organisation’s files. Instead of fighting against this, the cybersecurity team can redirect the ransomware to only encrypt fake files – files that they’ve intentionally created and placed on the network to entice would-be attackers. By attempting to encrypt these fake files, hackers would expose themselves and their intentions, as well as reveal the existence of their malware before any damage could be done.
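The decoy-file idea described above, sketched from the defender's side as an added example (it is not from the original article or from any vendor product): decoys are planted with a recorded hash, and any later change, rename or deletion raises an alert. The file names, contents and the 7.0 bits-per-byte entropy threshold are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy names and contents (assumptions, not from the article).
DECOYS = {
    "finance_payroll_2021.csv": "employee,iban,salary\n" * 200,
    "vpn_credentials.txt": "service,username,note\n" * 200,
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 look like ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant(directory: Path) -> dict:
    """Write the decoy files and return a baseline of {path: sha256}."""
    baseline = {}
    for name, text in DECOYS.items():
        (directory / name).write_bytes(text.encode())
        baseline[directory / name] = hashlib.sha256(text.encode()).hexdigest()
    return baseline

def check(baseline: dict, threshold: float = 7.0) -> list:
    """Compare each decoy with its baseline; return (file name, reason) alerts."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path.name, "missing_or_renamed"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            reason = "encrypted_like" if entropy(data) >= threshold else "modified"
            alerts.append((path.name, reason))
    return alerts

def demo() -> list:
    """Tamper with constructed decoys in a temp directory and return the alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = plant(root)
        (root / "finance_payroll_2021.csv").write_bytes(os.urandom(4096))  # stand-in for ciphertext
        (root / "vpn_credentials.txt").rename(root / "vpn_credentials.txt.locked")
        return sorted(check(baseline))

if __name__ == "__main__":
    print(demo())
```

No legitimate user or process has a reason to touch a decoy, so any alert from check() is high-confidence and can feed straight into containment of the host or account that made the change.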

Cyber deception allows organisations to rapidly create a fabricated (fake) network that automatically deploys attractive decoys and lures that are indistinguishable from the traffic and resources used in the legitimate network. This can mimic an enterprise’s most important assets such as servers, applications, and data. This pseudo network is then seamlessly integrated with the existing IT infrastructure to lure attackers into revealing themselves.

Not only do deception technologies use ransomware’s own techniques and tactics against it to trigger detection, but, more importantly, they also uncover the attacker’s tactics, tools, and procedures (TTP) that led to a successful foothold in the network. Effective deception techniques should provide contextual threat intelligence that can be used to trace how an attacker compromised the organisation – such as through weak or stolen credentials or a vulnerable endpoint or server that allowed ransomware to spread – so those gaps in protection can be closed.

This approach can be used to minimise damage and protect an organisation’s true assets. In addition, deception technology can accelerate the average time to discover and address or respond to those threats.

The wider cyber framework

Attacks are inevitable. Prevention is about blocking as much as possible from getting onto the network. For example, anti-virus and IPS solutions work on the principle of having already seen suspicious activity and blocking any new instances from getting onto the network. It’s about recognising when that network, application or device becomes an attractive target. Should malware or other threats get through that prevention layer, additional detection technologies are at the ready to intercept and trigger a response.

Deception technologies can be leveraged at this stage to further entrap attackers with various types of lures and breadcrumbs. Some of the traps that can be laid for attackers include sensitive documents, open ports, high-profile credentials, IoT devices, as well as services which have the appearance of running real applications for them to interact with.

By combining deception technology with a comprehensive security platform, organisations will be able to prevent, detect and respond to attacks, such as ransomware, with enough time to circumvent large-scale damage. Thus, the cyber security trifecta: prevent, detect, and respond.

In today’s high-risk digital marketplace, being prepared and having a plan in place to respond to a ransomware attack is critical for CISOs. But the foundation of any plan or preparation must be the security technologies and teams in place. They need to be designed and trained to address the ways ransomware operates, protect all attack vectors, enable broad visibility and detection, automate containment in real time, and coordinate an effective response at every edge.

With ransomware the most prolific threat of 2021, and with 2022 approaching, businesses can no longer wait until something bad happens. They must have that holistic view in order to mitigate threats and keep dangerous targets at bay.
