At a time when remote work and its increased security risks have become the norm, ongoing difficulty in safeguarding corporate networks suggests that the status quo isn’t working. That’s why IT security teams are moving from a passive to an active approach. The MITRE Corporation (a nonprofit that manages federally funded research and development centers) recently introduced its Shield framework, in which it clearly states that active defense is critical in overcoming today’s threats. Business leaders who know the latest strategies and recommendations place their companies in a strong position to remain secure.
The concept of active defense
Shield is an active defense knowledge base developed from over a decade of enemy engagement. With it, MITRE is trying to gather and organize what it has been learning with respect to active defense and adversary engagement. This information ranges from high-level, CISO-ready considerations of opportunities and objectives to more practitioner-focused conversations of the tactics, techniques and procedures defenders can use. This latest framework is aimed at encouraging discussion about active defense, how it can be used, and what security teams need to know.
Defining active defense
Active defense covers a swathe of activities, including engaging the adversary, basic cyber defensive capabilities and cyber deception. This entails the use of limited offensive action and counterattacks to prevent an adversary from taking digital territory or assets. Taken together, these activities enable IT teams to stop current attacks as well as get more insight into the perpertrator. Then they can prepare more fully for future attacks.
As MITRE notes, the modern security stack must include deception capabilities to truly deter and manage adversaries. In Shield’s new tactic and technique mapping, deception is prominent across eight active defense tactics—channel, collect, contain, detect, disrupt, facilitate, legitimize and test—along with 33 defensive techniques.
The truth about deception
Threat actors are targeting enterprise networks nonstop, anyone from nation-state attackers seeing proprietary information to more run-of-the-mill criminals looking to cause chaos and obtain some PII they can exploit. Analysts estimate that critical breaches of enterprise networks have increased by a factor of three to six, depending on the targets.
As leaders consider their security strategy, they need to not only understand what active defense means but also what deception actually is. A prevailing misconception is that deception is synonymous with honeypots, which have been around for a long time and are no longer effective. And to make them as realistic as possible requires a lot of management so that if attackers engage with a honeypot, they won’t be able to detect that it is not a real system and therefore know they’re in the middle of getting caught.
So, it’s time to clear up that notion. In truth, deception technology and honeypots are not synonymous. That’s how deception began, but it has evolved significantly since then. Today’s deception takes the breadcrumb/deceptive artifact approach that leads attackers on a false trail, which triggers alerts so that defenders can find and stop the attackers in real time. Only unauthorized users know the deceptions exist, as they don’t have any effect on everyday systems, so false positives are dramatically reduced. These aspects of deception technology add financial value to the IT security organization.
In addition, some organizations wrongly perceive that deception is too complex and yields comparatively little ROI. Security organizations could enjoy the benefit of using deception technology – which is lightweight and has a low cost of maintenance – but some are hesitant because they think it’s an overwhelming, complex approach that they won’t get enough value from. However, using technology assists like automation and AI, deception eliminates the complexity it has been previously known for.
Organizations tend to think of deception from a technology standpoint, but that’s wrong; it should be thought about from a use case standpoint. For instance, detection is a fundamental element of any security program. Everyone needs better detection capabilities – part and parcel of what today’s deception tools do.
A stronger defense
As cybercriminals’ tactics and tools continue to change, so must defenders’. An expanded threat landscape and new attack types make this job tougher than ever. Many organizations around the world were thrust into rapid digital transformation this year, which created security gaps for bad actors to exploit. The events of 2020 highlight the need for a better approach to securing critical assets. Active defense is part of that approach, as outlined in the MITRE Shield framework. Deception technology is an agile solution worthy of incorporation into an organization’s security strategy.
One of the biggest challenges advertisers and media will face in 2021 is being able to communicate with consumers and transact effectively in a cookie-free world. Entrepreneur en Español | 5 min read Success Stories
Mike Ling Came to America to Study Medicine. Now He Runs a Successful Fitness-Tech Company. It All Came Down to Passion.
Eligible workers won’t have to choose between earning income and getting vaccinated. Stephanie Mlot | 2 min read
How to protect yourself against cyber attacks during an age in which we all have to be educated and vigilant at home and at work. Download your copy of Roboform Password Manager for personal and business use: http://ow.ly/o1A530qhvNa In this video I describe some ways in which you can protect yourself and your assets against cyber attacks. It’s not an exaggeration to state that we are in the midst of an epidemic of cyber crime. Even if you take the reported cases at face value it’s bad enough but there are reasons to suspect that the actual situation is much worse because so much is not reported. The police are under resourced, investigations are complex, and consequently the criminals feel empowered to continue and to step up their attacks.
So the onus is on us as individuals and business to strengthen our defences and to mitigate the risks by taking the essential precautions. Some of these tips may seem obvious and yet it’s amazing how many people fail to act on this type of advice. 1: Use strong and unique passwords. Yes, I know, logging in (and clicking away the cookie notice) is a pain but it can be semi automated with a good password manager. I’ve used Roboform for years (see link below) and it includes a tool that will generate cryptic passwords containing a mix of numbers, symbols, and letters in upper and lower case. These are stored in an encrypted file which is synchronised across all my devices; PC, laptops, mobile phones. You should use long, unique, and cryptic passwords of 12 characters or more for everything that requires you to log in – not just your pension account or favourite shopping site, but also the broadband router on your home network – everything. If the log-in process includes the option to send a passcode to your mobile phone then enable it and use it. 2: Be aware of data breaches and react to them. Even with a strong password your details may be compromised if a company fails to protect their network and thieves hack in and steal data. If you see any such reports in the press check to see if you have an account with the company and if you do, change your passwords immediately. This won’t stop you details being sold on the Dark Web but it will prevent anyone from using your now compromised password. Meanwhile, remain vigilant for any calls, mails, or other signs that your identity is being used by a criminal. Continued in the video…
My recommended products on Amazon.com: https://www.amazon.com/shop/benlovegrove My recommended products on Amazon.co.uk: https://www.amazon.co.uk/shop/benlove… My YouTube Channel Information: Subscribe to my channel: https://goo.gl/FhzGmn My most recent upload: https://goo.gl/ujZ7ms My most popular upload: https://goo.gl/ThKf7y My Playlists: Flight Training, Private & Commercial Pilot: https://goo.gl/EuD7wt Learn To Fly, Get Your Pilot’s Licence: https://goo.gl/6Z6h6P General Aviation: https://goo.gl/p8MLZY Aviation Careers: https://goo.gl/bhZWXL Career Training & Business Tools: https://goo.gl/rh9P46 My Social Media Links: Twitter: https://twitter.com/BensBookmarks Instagram: https://www.instagram.com/ben_lovegro… Facebook: https://www.facebook.com/redspansolut… My Secrets Revealed: I create these videos using Vidnami: http://ow.ly/lu1e30qRlhC I optimise these videos using TubeBuddy: http://ow.ly/x7yH30qRlhU Contact me: Go to my channel homepage and click on the About tab to reveal my email address: https://wwww.youtube.com/c/benlovegrove Show your support: Sponsor more videos like this: https://www.patreon.com/redspan Consider leaving a tip: https://paypal.me/redspan Bespoke videos made for you: https://goo.gl/22u4R6 Acknowledgements: This presentation contains images that were used under a Creative Commons License. Click here to see the full list of images & attributions: https://app.contentsamurai.com/cc/734825 This presentation may also include video clips licensed under the Creative Commons Zero (CC0) license and/or video clips of our own.