Cyber Security: Attack is the best form of defence

Looking at specific areas of risk is no longer enough – the best protection now involves a holistic view, plus a combination of machine learning and human expertise

Not so many years ago, the best kind of security was defensive: set up antivirus, set up firewalls, and the rest would sort itself out. Fast-forward to the present day and it is clear to the average business that this is no longer enough. Firewalls and antivirus still have a role to play, but only in tandem with many other elements: people, processes and other technologies.

The onus is on companies to be proactive, and Seamus O’Donoghue, senior business development manager for Viatel, said that the ever-changing cybersecurity attack matrix means that business operations, values and reputation are all under threat.

“The cybersecurity threat is an ever-changing landscape that requires constant attention,” he said. “The requirement for implementing cybersecurity and awareness training modules is becoming the norm, particularly among medium to large companies both in the private and public sector.

“Businesses in Ireland are now on the journey to ensure cybersecurity frameworks and solutions are implemented and are part of the culture of their organisations.”

That change in focus means that being on the defensive is no longer a sufficient response to threats. Modern security strategies require a mixture of defence and offence to succeed, simply because of the number of threat areas there are.

“A purely defensive security posture is no longer enough... today’s businesses need a strategy that is defensive and offensive,” O’Donoghue said. “Increasing data volume, the advent of cloud and hybrid computing environments, and more porous networks – like the Internet of Things and Bring Your Own Device initiatives – mean the corporate attack surface is more fluid and larger than ever before.”

Seamus O’Donoghue, senior business development manager, Viatel

Part of what has made this area more complex than before is what O’Donoghue calls “the democratisation of tools and capabilities”. Hacking tools that were once the preserve of well-resourced attackers are now widely available, and more invasive and sophisticated than ever before, so companies must protect themselves against everyone from script kiddies to nation-state actors. The reality for companies, therefore, is that they must manage regulatory risk and put in place ways to both discover and resolve threats swiftly.

One service Viatel offers is its own risk assessment, which it uses to tailor security to an individual company’s needs. O’Donoghue says many security service providers offer assessments that look only at specific risks rather than the whole landscape, which can give companies a false sense of security.

“Many security services providers offer assessments that are only designed to look at specific areas of risk, leaving you without a holistic view from the top down,” he explained. “Rather than taking a siloed approach, Viatel’s Risk Assessment is designed to identify risk across four key areas: organisational, programmatic (security), human and technical.

“As these areas require specialisation to assess, we employ multiple security teams with expertise in their individual fields, combined with intelligence from our Managed Detection and Response (MDR) platform, which identifies attacks that bypass traditional security controls. This combination uniquely enables us to identify an organisation’s risk, measured via assessments against industry-standard frameworks, technical testing, phishing and malicious network activity monitoring.”

The point of this kind of risk assessment is that it lets you become proactive. If you don’t know where your risks or vulnerabilities lie, you will have serious difficulty planning for a breach, let alone knowing what to protect. The best way to protect yourself is to build the foundation needed to be proactive, and the industry is moving towards this at a faster rate, something MDR services can help with.

“Response capabilities are evolving toward faster reactions once a threat is detected,” said O’Donoghue. “The ability to disrupt and contain threats is becoming paramount. MDR is a turnkey approach to cybersecurity for midsize and smaller enterprises, allowing organisations to add 24/7 dedicated threat monitoring, detection and response capabilities that go beyond alerting to disrupt threats.

“Our unique approach pairs the strength of machine learning with the intuition of real people to uncover and disrupt cyber threats, from the simplest to the most sophisticated.”

This approach is designed to fit any type of security set-up, whether amplifying an in-house team, augmenting a managed security service provider or acting as a full-service security solution. Based on its business and risk management needs, a company can choose the tier of service that best suits it.

To avoid any potential blind spots, O’Donoghue said: “Operating on a philosophy that all endpoint activity is potentially malicious, we watch and record every activity. We investigate potentially malicious signals leveraging proprietary attack pattern and behavioural analytics, not merely signatures or Indicators of Compromise (IOCs).”

When Viatel works with a company to implement an MDR approach, it prioritises simplicity above all else. Added complexity only muddies the waters, and when you are trying to mitigate risk you need both augmented security resources and a quick response.

One essential element is machine learning. Some dismiss it as a buzzword, but used correctly, says O’Donoghue, it can significantly augment a security offering.

“When applied in the right way, machine learning can augment the analyst, not replace them,” he explained. “It is not a black box, and it is not magic, it is math.”

Viatel uses machine learning to automate the blocking of known attacks, and combines it with human expertise to discover and neutralise unknown attacks, persistent threats and insider threats. It also synthesises and analyses data from a wide range of sources across the network and systems, making it harder for adversaries to hide.

The most important part of this approach is that it is centred on people. As well as providing experts and advisers who answer organisations’ questions and assess their security strengths and weaknesses, Viatel combines its technology with its Security Operations Centre (SOC) to monitor threats at scale. By taking both a broad and a focused look at the threat landscape, it can pinpoint which threats are worth noticing and which alerts merely add noise.

“We apply machine learning to the network’s security and IT logs at a massive scale, submerging false positives and benign alerts while surfacing and correlating signals that will expose the threat actor,” said O’Donoghue. “This empowers our SOC analysts to disrupt and contain threats.”
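The two ideas in the quotes above, behavioural analytics rather than signatures or IOCs, and per-host correlation that submerges lone benign signals while surfacing a chain, as a small added illustration. This is example code written for this page, not Viatel’s platform or any part of its logic: the endpoint events, hashes, hostnames and the 203.0.113.7 address are constructed, and the signal names, the process allow/deny sets and the two-signal threshold are assumptions chosen for the demonstration.

```python
from collections import defaultdict

# Constructed endpoint telemetry (not real data). "proc" rows are process starts,
# "net" rows are outbound connections by an existing pid. The hash "deadbeef" is
# deliberately NOT in the IOC list: it stands in for a never-seen-before payload.
EVENTS = [
    {"ts": 1, "host": "ws01", "type": "proc", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "sha256": "aaa1", "cmdline": "explorer.exe"},
    {"ts": 2, "host": "ws01", "type": "proc", "pid": 200, "ppid": 100, "image": "winword.exe",    "sha256": "aaa2", "cmdline": "winword.exe invoice.docm"},
    {"ts": 3, "host": "ws01", "type": "proc", "pid": 300, "ppid": 200, "image": "powershell.exe", "sha256": "aaa3", "cmdline": "powershell -nop -w hidden -enc SQBFAFgA"},
    {"ts": 4, "host": "ws01", "type": "proc", "pid": 400, "ppid": 300, "image": "update.exe",     "sha256": "deadbeef", "cmdline": "update.exe"},
    {"ts": 5, "host": "ws01", "type": "net",  "pid": 400, "dst": "203.0.113.7:4444"},
    # Benign admin activity: a lone PowerShell launched by a management agent, no chain.
    {"ts": 6, "host": "srv02", "type": "proc", "pid": 500, "ppid": 1,   "image": "rmmagent.exe",   "sha256": "bbb1", "cmdline": "rmmagent.exe"},
    {"ts": 7, "host": "srv02", "type": "proc", "pid": 600, "ppid": 500, "image": "powershell.exe", "sha256": "aaa3", "cmdline": "powershell -File Get-Patches.ps1"},
    # Classic IOC hit: a binary whose hash is already on the deny list.
    {"ts": 8, "host": "ws03", "type": "proc", "pid": 700, "ppid": 1,   "image": "mimi.exe",       "sha256": "c0ffee", "cmdline": "mimi.exe"},
]

KNOWN_BAD_HASHES = {"c0ffee"}                                        # assumed IOC feed
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}  # assumed sets
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def ioc_hits(events, bad_hashes=KNOWN_BAD_HASHES):
    """Signature-style detection: only catches what the deny list already knows."""
    return [e for e in events if e["type"] == "proc" and e["sha256"] in bad_hashes]


def ancestors(procs, host, pid, max_depth=64):
    """Walk the recorded process tree: [self, parent, grandparent, ...] by image name."""
    chain = []
    for _ in range(max_depth):
        if pid not in procs[host]:
            break
        e = procs[host][pid]
        chain.append(e["image"])
        pid = e["ppid"]
    return chain


def signals(events):
    """Individually weak behavioural signals, grouped per host. None is an alert alone."""
    procs = defaultdict(dict)
    for e in events:
        if e["type"] == "proc":
            procs[e["host"]][e["pid"]] = e
    out = defaultdict(list)
    for e in events:
        h, chain = e["host"], ancestors(procs, e["host"], e["pid"])
        if e["type"] == "proc":
            if e["image"] in SHELLS and any(a in OFFICE for a in chain[1:]):
                out[h].append(("office_spawns_shell", e["pid"]))
            cmd = e["cmdline"].lower()
            if "-enc" in cmd or "-w hidden" in cmd:
                out[h].append(("encoded_or_hidden_cmd", e["pid"]))
        elif e["type"] == "net":
            # Egress from a descendant of a shell to a non-HTTPS port.
            if any(a in SHELLS for a in chain[1:]) and not e["dst"].endswith(":443"):
                out[h].append(("shell_descendant_egress_nonstandard_port", e["pid"]))
    return out


def triage(events, min_signals=2):
    """Correlate per host: surface chains of distinct signals, submerge lone ones.

    Returns {host: reason}. IOC hits are kept as-is; behavioural alerts need at
    least `min_signals` different signal kinds on the same host.
    """
    alerts = {e["host"]: "known_bad_hash" for e in ioc_hits(events)}
    for host, sigs in signals(events).items():
        kinds = sorted({k for k, _ in sigs})
        if len(kinds) >= min_signals:
            alerts[host] = "behavioural_chain:" + ",".join(kinds)
    return alerts


if __name__ == "__main__":
    for host, reason in sorted(triage(EVENTS).items()):
        print(host, reason)
```

Run as a script, ws03 is flagged by the hash alone, ws01 is flagged only by the behavioural chain (its payload hash is unknown, so the IOC check misses it), and the lone PowerShell on srv02 never reaches an analyst because no second signal corroborates it. Which signals to weight, and how many constitute a chain, is exactly the tuning an MDR provider’s analysts and models do over far larger volumes.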