Why Today's Dynamic Threat Landscape Requires a Multi-layered Response

When it comes to Cyber-Security, things were arguably a lot simpler 10 years ago. Organizations were far less exposed online, perimeter-based approaches were effective at keeping the bad guys out, and the attacks themselves were more straightforward. How things have changed today. For example, government figures earlier this year suggested that 43% of UK firms have suffered a security breach or attack in the past 12 months.

The only way to mitigate Cyber-Risk against the backdrop of the modern threat landscape is via multi-layered protection.

Today’s organizations are saturated with complexity. Hybrid cloud environments, Virtual Desktop Infrastructures (VDIs), an explosion in Bring Your Own Device (BYOD), mobile and Internet of Things (IoT) endpoints have all expanded the attack surface so that the traditional perimeter is effectively dead. Digital Transformation means business is built on data.

But there’s so much of it, and so many avenues to steal it that it becomes a huge challenge to secure. In addition, companies also need to ensure the resilience and reliability of data-driven services in the face of escalating ransomware threats.

In the first half of 2018 alone Trend Micro blocked over 20.4 billion threats for its customers and partners. That included a 93% year-on-year rise in ransomware.

But that’s only half the picture. Attackers have become smarter over the past few years. The days of threats using a single attack vector have long gone. Cyber-criminals are increasingly using multiple techniques in a single campaign, often requiring little or no human intervention.

Attacks are automated and highly effective, relying on exploits for known vulnerabilities that organizations have left un-patched. Everything the budding hacker needs to launch such an attack is readily available on the Cyber-Crime underground.

One notorious recent example is NotPetya, the destructive ‘ransomware’ campaign that cost some organizations like global shipper Maersk, and FedEx hundreds of millions. In this instance the attacker used a weaponised document using the publicly available SMB exploits EternalBlue and EternalRomance.

However, they also leveraged the mimikatz post-exploitation tool to self-propagate NotPetya worm-like so it spread to other connected networks. It ended up spreading in this way around the globe, causing huge financial losses along the way.

It can seem like a daunting task building a cyber-security response to this kind of offensive and viral capability. On the one hand, IT-Security managers must protect the organization against modern multi-vector attacks, while also responding to the more “commodity” threats like Conficker which continue to linger online.

Further, attackers are developing their tools with every passing day – it’s only a matter of time before they unleash machine learning techniques to help bypass defenses and improve phishing authenticity.

So what can we do? The sheer breadth of techniques at the disposal of black hat hackers means security leaders must start building up multiple layers of threat defense.

Cross-generational approaches such as Trend Micro’s XGen, are optimized so that the right solution is used to tackle the right threat at the right time. Management must be centralized and each piece of the puzzle must communicate with the other to maximize protection.

Some of those key pieces include:

• Virtual patching: delivers vulnerability shielding in critical environments until a patch can be deployed.
• Anti-malware: to protect against commodity and advanced malware.
• URL check: ensures users don’t visit harmful websites.
• Intrusion Prevention System (IPS): detects and stops network-based attacks.
• File integrity and monitoring: can provide alerts on suspicious behaviour that could indicate the early stages of an attack.

There’s no such thing as a single bullet to deal with the multiplicity of threats facing organizations today — especially not in complex mixed environments like physical, virtual, or hybrid cloud.

That’s why SoftwareONE and Trend Micro offer the broadest range of threat protection techniques possible to protect the modern enterprise.