
Ransomware Head to Head: Don't Follow the CRWD
When ransomware threatens to shut down your business, the most critical measure of success is the ability to detect malicious activity in real time...
Lital Asher-Dotan
While 70% of security’s efforts are focused on preventing penetration from occurring, the reality is that penetration can occur within minutes and can be close to impossible to detect. The fact is, penetration is inevitable; organized hacking teams have ample time and financial resources to penetrate a network one way or another. Hacking teams maintain a high success rate at network penetration because of their ability to find and exploit even the slightest vulnerability.
It is human nature to accept the most obvious and easy explanation rather than suspecting that something is the result of malicious intent. This human tendency can oftentimes hinder security teams from understanding a malicious operation within their environment. Assuming that “what you see is what you get” leads to a false sense of security; there is always something more to the story.
Remediating security issues as fast as possible is very risky because you will be unable to fully understand how they are connected. Attackers will often combine many different types of tools, both known and unknown, to make up their attack. Furthermore, they will deploy decoy attacks and excessive known elements to deceive and distract the defender. It is impossible to understand a hacking campaign if you quickly remediate isolated incidents without deep investigation.
Endpoints are a common penetration point because they are known to be very vulnerable. They are also a natural place for a hacker to deploy ‘low and slow’ techniques, persist, move laterally, and learn an organization inside and out. While monitoring your endpoints can allow you to detect a cyber-attack at an early stage, neglecting your endpoints substantially decreases an organization's visibility.
Although detecting malware is important, malware is only one hacker tool; it is never the only technique deployed. Moreover, many hacking teams avoid deploying malware altogether in order to better evade detection. Remediating malware one by one is not effective because it will not stop a hacker from reaching their target and it will never give you visibility into the full attack.
More than 50% of organizations report concern that their security solutions produce too many false alerts. In addition, because security talent is scarce, it is impossible for security teams to properly investigate and validate their alerts through a manual process. Excessive alerts are a time soak, desensitizing security analysts and giving no insight into whether an attack is underway.
Lital is a Marketing Team Leader, Storyteller, and Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. She specializes in brand building, product marketing, communication and content, and is passionate about building ROI-driven marketing teams.