With today’s breach rates, it is no longer enough to build up your external defenses and hide within them—you must reposition your security strategy to be more proactive. You need to implement technologies like FireEye iSight that not only defend, but also seek out intel from deep within the threat landscape itself.
InfoSec Needs a Fourth Pillar
Currently, there are three generic pillars in InfoSec assurance:
- Detection
- Identification
- Remediation
Unfortunately, this is a reactive approach at best; it always has been.
As such, there is a growing movement within the industry to “install” a fourth pillar for hunting, based on the argument that, if you’re not proactive, then you’re always reactive. And consequently, you are forced to find and remediate based on patient zero (patient zero will always exist so long as you are a reactive company).
By using hunting, companies can go on the offensive, and there doesn’t have to be a patient zero; environments don’t have to be breached to learn about the attack vector after the fact. We can prevent breaches from ever occurring, but we must go out and hunt for the anti-insurgency data beforehand. This stance has been key in business strategies for years, and the security industry is now applying it as well.
And FireEye iSight is helping to lead the way.
How FireEye iSight is Pushing Proactive Forward
FireEye iSight delivers the level and depth of security intelligence necessary to stay at the forefront of cyber threat metrics.
iSight is a threat hunting research company that actively searches the Dark Web, infiltrates hacker rooms, and joins DDoS-as-a-service sites to pinpoint where cybercriminals are architecting malicious viruses. From there, iSight security experts analyze and generate actionable insights from the data they collect and report back to iSight about these activities and potential threats. Everyone with the iSight service then automatically gains that anti-insurgency intelligence (and it’s not just FireEye who leverages iSight heuristic intelligence; Cylance and Check Point do the same).
Experience, Process, and Aggression
The iSight security research team is made up of ex-military InfoSec experts who use their vast experience to penetrate these Dark Web areas much in the same way they’d already done in some capacity for the DoD. This expertise makes iSight structurally sound through high-quality reporting protocols, vetted leadership, and hierarchy, as well as meticulous execution practices.
Most importantly, these security experts don’t just look at iSight from a business standpoint; they also approach their jobs from an attack perspective. They go beyond the regular threat intel by conducting some very aggressive hunting—a stance fueled by their military backgrounds.
Reactive No Longer Works
With today’s morphing, multi-vector attacks, there is no way that a simple reactive security process will sustainably protect you in the future.
Instead, FireEye iSight experts realized that companies needed to aggressively seek out potential threats and share what they found heuristically before those threats ever breached a single organization. Look at a couple of the latest attacks, like WannaCry, for instance:
The vulnerability came in as an external link and became a ransomware issue. But then Petya came in and deleted the customer data being held for ransom, and it became an infective DDoS attack.
These attacks are no longer single-vector viruses; they are polymorphic in nature. The attack changes its approach upon initial detection. In fact, new attacks now have a “sleep mode” for when they detect sandbox technology; the virus or malicious code will stay dormant long enough to be accepted by the firewalls before eventually detonating once inside the networks.
The aggressive threat hunting leveraged by FireEye iSight (along with advanced managed detection and response solutions like FireEye MDR) is one of the few things that will help us mitigate these highly adaptive attacks.
Why Aggressive Hunting Works Against These Attacks
Because of iSight’s threat hunting capabilities, InfoSec experts are “there” when the attacks are first created—they see how the code is built.
And while many of these hackers are intrinsically brilliant with code, they are often not so smart as to keep their mouths completely shut. They like to brag to other hackers about what they have done, and they like to test (and show off) their attacks in sandboxes, private hosting facilities, and other sites across the Dark Web. When iSight experts gain access to these testing areas, they can observe the outcomes of the tests as well as the characteristics of the attack itself. From there, they build a profile of the attacks because they know what the hackers are attempting to do.
This proactive approach informs your company about an attack before it even deploys. Your networks and security technologies will be ready to defend specifically against the attack before it occurs, thanks to your FireEye iSight intel.
Forward Thinking
Like iSight, ADAPTURE is always focused on that next-level threat, determining the most innovative ways to defend and fight back. If you want to greatly reduce your chances of being “patient zero” again, you need a more proactive security strategy.
It’s time to Think Forward.