Five ways to combat increasingly costly cyberattacks | SC Media

Five ways to combat increasingly costly cyberattacks

November 4, 2021
Today’s columnist, Rob Cataldo of Kaspersky, notes that while the pen testing tool Cobalt Strike was used in the SolarWinds case to carry out lateral movement, over the past year the use of such tools has become far more widespread. Cataldo offers a strategy for managing networks in a world where not only top nation-state hackers have access to such dangerous tooling. ("SolarWinds letters" by sfoskett is licensed under CC BY-NC-SA 2.0)
  • Train the staff. Make sure that company employees have a clear understanding of information security policy and know what risks any violations bring. Do this by implementing security awareness training.
  • Patch frequently. In most cases, attackers use old unpatched vulnerabilities to penetrate the infrastructure. That’s why consistent patch management has become a must-have for all organizations. This includes regular updates of vulnerability details from software vendors, scanning the network, and OS updates.
  • Combine different tactics to detect threats. Even a complex attack consists of simple steps and techniques, and detecting a single one of those techniques can reveal the whole attack. Different detection technologies are suited to finding different adversarial techniques, so maintaining a variety of security technologies raises the odds of detection. At the very least, companies should run an endpoint protection platform and a network intrusion detection system.
  • Arm the SOC teams with relevant skills and tools. For instance, red teaming exercises have to simulate realistic, complex attacks that leverage the latest adversarial tactics, such as new evasion techniques using the CLR, and provide a clear picture of the company’s operational security status.
  • Deploy managed detection and response services. For companies with a lower cybersecurity maturity profile, this type of service can substitute for a SOC, as it offers both automated and manual threat detection, which is essential against fileless attacks. More advanced companies can still benefit from MDR because it offers additional scanning and expert evaluation of incidents.