BLITZ! Like a Great Middle Linebacker, An Agile & Strong EDR Solution Can Quickly Respond to an Offensive Attack


As we near the close of 2018, we should appreciate that cyberspace has become an increasingly hostile landscape. Geopolitical tensions are manifesting in cyberspace, and cyber criminals have become increasingly punitive this year.

We at Carbon Black have observed some interesting trends:

  • Vapor Worms
  • Wipers deployed for counter incident response
  • Island Hopping through cloud environments
  • Watering Hole Attacks that employ destructive payloads

Today’s adversary is intent on waging a cyber insurgency within your network.  

The more prominent your corporate brand, the more likely it is to be targeted by elite cyber criminals and spies. To protect that brand, corporate cyber defense must be modernized.

We must appreciate that traditional endpoint security is dead. Traditional endpoint security has failed because attackers have so widely adopted the Kill Chain. The Kill Chain starts with Reconnaissance: the act of finding a weakness in the target that the attacker already knows how to exploit for their gain. Every corporation has weaknesses, and every cyber criminal has access to attack platforms and exploit code. The overlap between the two is what we should be concerned about.

Attackers gain their economies of scale by using the same access capabilities over and over again, both within a specific target and across targets. This modus operandi is effective because (1) victim organizations rarely know which weakness was exploited to produce the alert that fired several stages later in the attack (i.e., the root cause), and (2) those victim organizations that *do* know the root cause very rarely share it, or the mitigation they applied to address it.

Carbon Black recently developed CB ThreatHunter to address both problems. The intended impact of this change in security posture is that an attacker can no longer use an access capability more than once. This cloud-based threat hunting and incident response (IR) solution delivers unfiltered endpoint visibility so that top security operations centers (SOCs) and IR teams can maintain the high ground.

How might we take a page from a defensive coordinator? Much like an all-pro middle linebacker, ThreatHunter can defend against and respond to a super-charged offense.

Middle linebackers are the strongest linebackers; they play a hybrid position and can line up as a lineman to disguise where the rush is coming from. Like Dont’a Hightower or Sean Lee, an effective EDR allows your endpoints to defend against and respond to an attack.

In a historic evaluation, MITRE tested the precision and effectiveness of the major EDR players. The test was based on MITRE’s popular ATT&CK framework and represented a new approach to EDR testing: open, sophisticated, rigorous, and reflective of the real world. As MITRE’s testing showed, there are only a few best-of-breed linebackers. Choose yours wisely, as defense wins championships.


The post BLITZ! Like a Great Middle Linebacker, An Agile & Strong EDR Solution Can Quickly Respond to an Offensive Attack appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
