Are your defenses advanced and persistent?

Brian Minick

Catching an advanced attack is hard. It’s even harder to catch the second, third, or fourth attack.

Advanced Persistent Threat. With the term APT being largely overused, the standard marketing has finally caught up and numbed us to the phrase “advanced detection.” But that’s a different story for a different day. Instead, let’s talk about how we at Morphick feel the “persistence” concept is a little underserved. It is one thing to detect and stop an attack. It is a different thing altogether to stop the second, third, and fourth attack from the same, persistent attacker. 

Think about it in terms of home defense. Locking doors and windows may be enough to turn away the opportunistic thief, but keeping out a more persistent, targeted thief requires a different level of home security and monitoring.

In cyber defense, I’ve seen attackers start with an email phish. When that didn’t work, they attacked external web servers. When that didn’t work, they tried to compromise VPN clients. When that didn’t work, they tried to compromise suppliers. When that didn’t work, they would watch for announcements of corporate acquisitions and try to gain access as part of the company integration efforts.

Make no mistake. Cyber security is an arms race. Determined attackers do not simply run away. They are not deterred by a failed attempt. They regroup and try something new. In many cases, the attackers’ actual job – what they get paid to do, what puts food on their tables – is breaking into your company. If you stop them, they will come back. And they won’t try the same thing twice.
   
Rolling over and admitting defeat is not an option for them, or us. Companies must recognize not just the advanced nature of attacks but the persistent nature as well. Focusing on catching the first attack without having a strategy for catching subsequent attacks will result in winning a battle while losing a war. Companies unfortunate enough to be targeted by a persistent attacker MUST learn from each attack and morph their defenses accordingly. This continual process creates a defensive posture that is constantly changing, allowing defenders to stay ahead of the attacker and win the cyber arms race.
 
Morphick will help you win the arms race. Creating defenses that morph as the attackers try different approaches is essential to defeating the PERSISTENT threat. 

Please check out the companion piece to this post: how to take this more robust defense and turn it into actionable business knowledge.