Steal The Hackers' Hammer And Transform Your Endpoint Protection Strategy
Submitted by Karine Gidali on
But by shifting focus from the growing number of software vulnerabilities that need to be patched and the millions of new malware that surface every day to the tools and techniques attackers use for their insidious work, you can prevent even a never-previously-seen attack before it starts.
This prevention stance saves your organization money, preserves its reputation and secures its most valuable data.
The APT Menace
Failsafe prevention traditionally requires prior knowledge of a threat to be able to stop it. Typical endpoint protection technology scans for signatures, behaviors or irregularities, hoping to catch them early enough to prevent major invasions.
But scanning isn’t effective for advanced persistent threats (APT), which don’t display easily traceable signature behaviors, and often have been morphed to bypass signatures. It’s simpler than you’d think for an attacker to take a known piece of malware and spin it into something new and unknown that will be much harder to detect. Think of it like antibiotic-resistant bacteria that have mutated into something doctors can’t treat.
Security efforts usually focus on remediating attacks rather than preventing them because they’re so hard to detect. Attack detection takes 225 days on average, according to the Ponemon Institute. By that time, the bad guys have usually gotten what they needed and moved on. Worse, 84 percent of attacks aren’t detected internally. It takes a call from the FBI or a furious customer before companies even realize they have a problem.
At that point, any remediation is more of a Band-Aid than a solution. Data breaches cost companies an average of $200 per customer, according to the Ponemon Institute. And repairing a company’s reputation following a breach can take years.
Detection and remediation do help, but it’s often too little, too late. Once attackers reach your corporate data, it’s the equivalent of owning your company’s DNA.
Disabling The Attackers’ Toolkit
A better approach stops attackers before they ever breach your network. It focuses on attackers’ core techniques—think of it like taking the hammer out of their toolbox. If they can’t strike the nails, they can’t puncture your organization.
By focusing on attackers’ tools rather than the constantly expanding universe of APT variations, you narrow the threat landscape from thousands of variations to about two dozen techniques. Attackers must string together a chain of techniques to breach a network, so if you knock out just one element, you stop them in their tracks.
To be effective, attackers must use their tools in a precise sequence, so eliminating just one, no matter when they attempt to use it, will thwart the whole attack. This turns the focus to the core of the attack—the tools that make it possible—so it doesn’t matter what or who the attacker is trying to infiltrate. The strategy works even on zero-day attacks that no one has ever seen.
This approach can function in tandem with antivirus software, but ultimately many organizations will discover that disabling the attacker toolkit is the only protection they require. You don’t need to constantly scan for threats that have no chance of breaching your walls. Once they have taken this approach, organizations find they can then reallocate funds from antivirus software to other strategic initiatives.
Because this type of prevention focuses on the basics, it’s also future-proof because it doesn’t require updates. While any industry will benefit from a prevention-based approach, it’s particularly valuable for financial services, retail, utility, and oil and gas companies because those systems have rigorous productions or processes that make them difficult to update or patch.
By targeting attackers’ tools, companies no longer need to worry about being caught with their door unlocked.
Karine Gidali is a Product Marketing Manager for Palo Alto Networks.