Adapting to fast-changing threats

Relying on traditional endpoint security won’t wash against an ever-changing adversary: cybersecurity firms like Viatel are now balancing prevention with active detection

Of all the risks a business faces, its endpoints will remain the largest source of exposure. That is an inevitable reality: as more devices and services are connected to a network, the number of entry points available to bad actors grows with them.

It’s a risk that every business should be aware of as its dependency on digital products and services increases. Despite improved awareness and wider adoption of good security practices, the endpoint remains the primary vector of attack, said Seamus O’Donoghue, senior business development manager at Viatel.

“The endpoint continues to be the primary vector of attack,” he said. “This is in spite of strong adoption trends in employee security awareness training, email security, and related solutions. Intrusions are an unfortunate inevitability. However, a majority can be prevented with proper implementation, continuous tuning and advanced detective capabilities that account for the latest threats.”

There are good reasons why endpoints remain the most popular target for malicious actors, said O’Donoghue. Chief among them is that there is no such thing as complete protection: some intrusions will succeed no matter how much is invested in employee security awareness training, email security and related solutions.


While most attacks can be prevented through proper implementation, continuous tuning and advanced detection capabilities that account for the latest threats, it’s best to expect that some will slip through.

If you’re a smaller organisation or one that hasn’t kept up with the times, relying on traditional endpoint security can be a recipe for disaster, and O’Donoghue has an apt analogy to highlight this. “Traditional endpoint security products are kind of like shopping mall security staff,” he explained. “They’re able to spot the most obvious shoplifters and troublemakers and prevent them from causing damage. They’re not going to identify any kind of bad actor who knows how to evade detection. They’re not going to offer much resistance in a live-action scenario against a sophisticated adversary; they’re not going to offer much beyond eyewitness testimony to the police for the investigation after the fact.”

The other problem is that organisations below enterprise scale rarely have the resources to invest properly in security tooling, or in the staff needed to keep pace with a constantly evolving threat landscape. For providers like Viatel, that means a holistic approach is required.

“We deliver a holistic preventative endpoint solution using predictive models that continuously adapt and harden defences to better identify and automatically block known, unknown and fileless attacks,” O’Donoghue said. “The purpose of our service is to upgrade the shopping mall security guard – the use of antivirus and traditional endpoint products – to a team of Navy SEALs: next-gen endpoint security integrated with managed detection and response.

“The Navy SEAL team has experience and cutting-edge military technology that can spot especially deceptive adversaries. They have the weapons and experience that allow them to swiftly neutralise a threat through automated blocking or, if necessary, engaging in a live combat scenario using endpoint isolation/containment. Finally, they deliver detailed insight into the operation for debriefing once the threat is neutralised.”

This kind of approach is necessary given the vast number of devices now in use, which makes the corporate attack surface larger and more fluid than ever before. Viatel addresses this through its managed detection and response service, combining Carbon Black Defense with its own security experts to deliver a holistic solution.

“We use predictive models that continuously adapt and harden endpoint defences to identify known and unknown threats, with automated blocking of known, unknown and fileless attacks,” said O’Donoghue.

“We work with clients to speed deployment and continuously tailor policies to the individual organisation, creating a more hardened state with continuous adaptation for an organisation’s unique threat landscape.”

So what does that mean for the firewalls and intrusion detection systems (IDS) already deployed? O’Donoghue said such systems are converging, and that “some new, largely unproven capabilities are being deployed in the anomaly and behavioural detection realms”. The underlying problem, however, is that these technologies only really work in black-and-white situations; anything in between, they struggle with.

“Most people recognise that the core problem with these technologies hasn’t changed. They don’t deal with grey very well,” he said. “The real world is grey. The real world changes rapidly, and the rules of engagement differ vastly between the good guys and the bad guys.

“The expression ‘life isn’t fair’ couldn’t be more applicable to today’s CISOs (chief information security officers). But fortunately, there is a different approach that is becoming widely accepted as a practical way to effectively deal with cybersecurity: it involves balancing prevention with active detection.”