One Article Review

Source: ProofPoint
Identifier: 8400888
Publication date: 2023-10-26 06:00:18 (seen: 2023-10-26 15:08:15)
Title: Break the Attack Chain with Identity Threat Protection
Text:

“The attacker only has to be right once. Defenders have to get it right every time.” This well-known saying has shaped countless cybersecurity strategies. The belief is that a single compromise of our defenses can lead to a catastrophic outcome.

As new risks emerge and attackers develop tactics to evade controls, defenders face the daunting task of protecting an ever-expanding array of connected identities. Many companies now embrace resilience strategies, accepting that an incident is inevitable - “It's not a matter of if, but when.” That's because defenders have been fixated on the impossible task of protecting everything within the business.

But in recent years a new industry approach to cyber defense has emerged that points toward a better way. Instead of protecting everything, defenders should aim to neutralize attackers' tactics, techniques and procedures (TTPs), which are hard to replace. This disrupts the completion of the attack chain.

What is the attack chain? And how does identity threat protection disrupt it? That's what we're here to discuss.

The enduring relevance of the attack chain

No other concept has captured the essence of successful cyber attacks like the attack chain (aka the “cyber kill chain”), which was developed by Lockheed Martin in 2011. Even 12 years later, the attack chain remains relevant, while defenders struggle to prevent the most impactful incidents.

While cyber criminals don't follow the same steps every time, the basic phases of an attack are pretty much always the same:

[Figure: Steps in the cyber attack chain.]

The challenge of initial compromise

The first phase in the attack chain is the initial compromise. Modern cyber criminals use an array of tactics to infiltrate companies and wreak havoc on their systems, from BEC attacks to cloud account takeovers and ransomware incidents.

One trend is to exploit trusted third-party relationships to compromise companies through their suppliers. What seems like an innocuous initial email can escalate into a full-scale compromise with great speed. Once attackers gain unrestricted access to a company's domain, they can infiltrate email accounts to commit fraudulent activities.

One alarming twist to credential phishing emails is that they can evade detection. They leave behind no traces of compromise or malware. Even with the rise of multifactor authentication (MFA), these attacks continue to surge.

Once accounts are compromised through a credential phishing email or a vulnerable remote desktop session, businesses face the next phase of the attack chain: privilege escalation and lateral movement within their networks.

Next phase: privilege escalation and lateral movement

This is the middle of the attack chain. And it's where threat actors try to breach a company's defenses. Often, they do this by compromising the identities of employees, contractors, service providers or edge devices. Their main goal is to use this initial access to elevate their privileges, typically targeting Active Directory (AD).

AD, which many businesses around the world use, is susceptible to compromise. It can provide attackers with unparalleled control over a company's computing infrastructure. With this access, they can engage in lateral movement and spread malware across the business, causing more harm.

Finally, the risk of data loss

Attackers don't rely on a single stroke of luck. Their success hinges on a series of precise maneuvers. Monetary gains through data exfiltration are often their objective. And once they have navigated the intricate web of identities, they can target valuable data and orchestrate data theft operations.

Defenders must disrupt this chain of events to prevent the loss of sensitive data, like intellectual property or customer identifiable data. Then, they can gain the upper hand and steer the course of cybersecurity in their favor.

[Figure: The three best opportunities to break the attack chain.]

Building a map of your organizat
Sent: Yes
Tags: Ransomware, Malware, Tool, Threat, Prediction, Cloud
Stories
Rating: ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.