“What you don’t know will hurt you.” That’s the topic of a recent SC Magazine article by CrowdStrike CEO George Kurtz, describing the plight of today’s organizations. Faced with an increasing barrage of sophisticated attackers “seeking to compromise a network, obtain intellectual property or bring business operations to a halt,” Kurtz says business leaders often make poor decisions because of an incomplete understanding of the problem.
Kurtz says that too often, organizational leadership buys into the idea that “more is better” as they acquire layer after layer of security solutions, thinking that having a broad range of products will secure their networks. However, modern attackers have learned how to bypass traditional prevention solutions, such as legacy antivirus (AV). As he explains, “It’s become clear that there’s still too much that most executive teams don’t know about how to architect their strategy for success,” particularly when it comes to cybersecurity.
Kurtz advises that before you can mount a successful defense against sophisticated adversaries, you must take a step back and understand why these evolving threats are so successful against traditional security technologies. Most security solutions rely on identifying signatures and known threats, or they look for indicators of compromise (IOCs). He points out that the problem with IOCs is they can’t capture new methods designed to obfuscate, such as malware-free, or fileless attacks. In addition, attacks using new versions of existing malware can be created and launched within minutes — confounding traditional security methods. “We’ve seen this ring true with ransomware,” Kurtz says. “Its highly profitable nature motivates adversaries to craft new variants that can circumvent the traditional prevention technologies many businesses rely on.”
Although this situation seems bleak, Kurtz assures that there are approaches and capabilities organizations can use to keep pace with an evolving threat landscape. The key is for organizations to take a proactive approach to their cybersecurity and deploy solutions that look beyond malware, Kurtz says. He recommends employing technologies such as artificial intelligence (AI) and machine learning (ML), and methods that look for indicators of attack (IOAs). “Unlike IOCs, IOAs identify adversary behavior indicating malicious activity, such as code execution or lateral movement. By detecting an attack at various stages of the kill chain, organizations can prevent, detect and respond before damage is done,” he said.
Three Cybersecurity Must-Haves
Kurtz points to three key security tools organizations should look for in robust endpoint protection, including ML, threat intelligence, and the human “enforcers” who perform managed threat hunting. About ML, he says, “If machine learning algorithms are trained with data-rich sources, and augmented with behavioral analytics, they can be an extremely effective first line of defense against modern threats like ransomware.” He adds that threat intelligence can help you prioritize attack response, “Intelligence isn’t necessarily about going after a group or individual, rather it is focused on understanding the adversaries’ attack methods and what sort of impact they might have on your business.” Finally, he emphasizes that having a managed hunting team patrolling for anomalies provides “an extra layer of human protection that augments and enhances automated detection capabilities.”
Kurtz concludes by expressing concern that so many executives continue to rely on technologies such as AV and haven’t adopted the new approaches that can greatly improve their ability to defend against an attack. He warns that in many cases, cybersecurity risk hasn’t been put in terms that a board member can understand. “Given the impact of NotPetya, WannaCry, and other malicious attacks, security must become a board-level concern. Only then, will organizations truly know its impact on risk management, customer retention, and brand reputation,” he said.