<p><strong>Detection-Protection-Prevention – The Threat Defense Lifecycle</strong></p>
<p>Happiest Minds blog, published 2016-10-28 (last modified 2024-04-10). Source: <a href="https://www.happiestminds.com/blogs/detection-protection-prevention-the-threat-defense-lifecycle/">https://www.happiestminds.com/blogs/detection-protection-prevention-the-threat-defense-lifecycle/</a>. Categories: Cyber Security, Data Protection, Threat Management. Tags: cyber security, threat defence lifecycle.</p>
<p>Cyber-attacks have become an everyday phenomenon, and the menace grows with each passing day. New types of threats keep emerging and their average damage potential is growing fast: the average cost of a <a href="https://www.happiestminds.com/services/cyber-security/">cyber-security</a>/<a href="https://www.happiestminds.com/Insights/data-security/">data breach</a> stood at approximately US $4 million in 2016.</p>
<p>System and network security has become critical to the survival of businesses. Every network device and computer in a business's IT ecosystem needs to be protected. Of all the cyber threats in circulation, Advanced Persistent Threats (APTs) are probably evolving at the fastest pace and have become one of the most severe issues in cyber security today. <a href="https://en.wikipedia.org/wiki/Advanced_persistent_threat">Wikipedia defines an APT</a> as "a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity". In an APT, the unauthorized entity stays undetected in the attacked network for a long time with the intention of stealing information. For proper protection from cyber threats in general and APTs in particular, a three-pronged approach works best, covering the three processes of Detection, Protection and Prevention.</p>
<p><strong>Detection</strong></p>
<p>Targeted attacks and APTs are designed and orchestrated to evade point security controls almost entirely. Once they have breached the perimeter and are inside, the only way to detect them is to analyze the behaviour of the individual components of the attack. This requires behavioral analytics, where the enterprise goes beyond the traditional logging of incidents: large volumes of data are analyzed at regular intervals to find the red flags that confirm the presence of a breach. These red flags may take the form of atypical application behaviour, changes to files or configurations, and unusual user activity. Basically they are anomalies: departures from what has been established as the normal baseline.</p>
<p><strong>Protection</strong></p>
<p>Protection, that is the response to a <a href="https://www.happiestminds.com/solutions/threatvigil/">threat</a> or attack, is critical in limiting the damage. The first step is to understand the modus operandi of the attack and to establish the extent of the breach and the level of exposure, including any perceived high-value target. The coherent functioning of all security capabilities is critical here: a measured, predefined response is established for each type of incident. For example, if a user is found to exercise privileges in a manner that violates established norms, that network segment is blocked; if a BYOD device is detected with an app of suspicious pedigree, that user's authentication is suspended until the device has been examined. Integrity verification tools are a good idea because they highlight file-level changes; any suspicious change there is a red flag that triggers the appropriate action.</p>
<p>This approach can be seen as the next level of <a href="https://www.happiestminds.com/casestudies/security-information-and-event-management.pdf">Security Information and Event Management</a> (SIEM), where protection measures are decided by correlating insights from events, anomalies, and log and flow data.</p>
<p><strong>Prevention</strong></p>
<p>Prevention is always better than cure. An age-old saying which still holds good; it is, however, easier said than done. The reasons are many. One is the lack of rigor and strict adherence to tried and tested practices such as security policies, security awareness programs and access control. Proper identification, multi-factor authentication [combining two or more of the three factors: something you know (passwords and PINs), something you have (ID cards, smart cards, tokens) and something you are (fingerprint, retina scan or DNA)] and authorization for the use of restricted privileges, if employed properly, still go a long way.</p>
<p>Another is the fact that traditional reactive, signature-based approaches like firewalls and anti-virus are bypassed regularly. What is needed today is the ability to disrupt the key steps of the attack chain preemptively, on the endpoint as well as on the network, in real time. A behaviour-based approach can be used to detect and prevent incipient attacks, even those employing advanced malware.</p>
<p>Sometimes, steps as simple as avoiding or restricting the use of platforms with known vulnerabilities go a long way in prevention. Rogue Java apps are a big source of risk: according to IBM's X-Force Threat Intelligence Quarterly, such apps account for 96% of Java exploits. Restricting or curtailing Java use can be an effective preventive measure.</p>
<p>The Detection, Protection and Prevention approach is well able to help with the <a href="https://www.happiestminds.com/solutions/cybervigil/">cyber security</a> challenges of today's organizations and to reduce incidents as the global cyber threat landscape continues to change for the worse.</p>
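The baseline-and-deviation logic that the Detection section describes, as an added example in Python that is not part of the original post. The event format, user names, hosts and the rule that anything outside a user's previously observed hosts, actions and active hours counts as a red flag are all constructed for illustration; a real deployment would learn the baseline from weeks of logs rather than a handful of lines.

```python
"""Baseline-and-deviation detection over constructed authentication events.

Added example, not from the original post. The log format, users, hosts and
the deviation rules below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events: "<ISO timestamp> <user> <source host> <action>"
BASELINE_EVENTS = """\
2016-10-03T09:02:11 alice ws-101 login
2016-10-03T09:15:40 alice ws-101 read
2016-10-04T08:58:03 alice ws-101 login
2016-10-04T17:30:12 alice ws-101 logout
2016-10-03T10:05:00 bob ws-207 login
2016-10-04T10:07:21 bob ws-207 login
2016-10-05T11:12:09 bob ws-207 read
"""

# Constructed events to be checked against the baseline.
NEW_EVENTS = """\
2016-10-10T09:05:02 alice ws-101 login
2016-10-10T02:14:55 alice ws-101 login
2016-10-10T09:40:12 alice srv-db-3 login
2016-10-10T10:01:00 bob ws-207 sudo
2016-10-11T10:02:30 bob ws-207 read
"""


def parse(lines):
    """Yield (timestamp, user, host, action) tuples from the constructed format."""
    for line in lines.splitlines():
        ts, user, host, action = line.split()
        yield datetime.fromisoformat(ts), user, host, action


def build_baseline(lines):
    """Per-user baseline: hosts seen, actions seen and the hours of the day seen."""
    baseline = defaultdict(lambda: {"hosts": set(), "actions": set(), "hours": set()})
    for ts, user, host, action in parse(lines):
        entry = baseline[user]
        entry["hosts"].add(host)
        entry["actions"].add(action)
        entry["hours"].add(ts.hour)
    return baseline


def detect(baseline, lines):
    """Return (user, reason, raw_event) for every departure from the baseline.

    A single event can raise several findings (new host AND off-hours, say);
    each reason is reported separately so the responder sees all of them.
    """
    findings = []
    for ts, user, host, action in parse(lines):
        raw = f"{ts.isoformat()} {user} {host} {action}"
        entry = baseline.get(user)
        if entry is None:
            findings.append((user, "unknown user", raw))
            continue
        if host not in entry["hosts"]:
            findings.append((user, f"new source host {host}", raw))
        if action not in entry["actions"]:
            findings.append((user, f"first-seen action {action}", raw))
        earliest, latest = min(entry["hours"]), max(entry["hours"])
        if not earliest <= ts.hour <= latest:
            findings.append((user, f"off-hours activity at {ts.hour:02d}:00", raw))
    return findings


if __name__ == "__main__":
    for user, reason, raw in detect(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(f"[{user}] {reason}: {raw}")
```

On the constructed input this flags alice's 02:14 login (outside her 08:00 to 17:00 window), her login from the never-seen host srv-db-3, and bob's first use of sudo, while the routine events pass silently.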
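The integrity-verification-plus-defined-response idea from the Protection section, as an added example in Python that is not part of the original post. It takes a SHA-256 manifest of a directory tree, diffs it against a later manifest to find added, removed and modified files, and maps each change to a predefined action. The directory layout, file contents, the "critical prefix" policy and the response wording are all constructed for illustration.

```python
"""File-integrity verification with a measured, predefined response per change.

Added example, not from the original post. The tree, the critical-path policy
and the response actions below are constructed for illustration.
"""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Split the difference between two manifests into added/removed/modified."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


# Constructed policy: changes under these prefixes are treated as critical.
CRITICAL_PREFIXES = ("bin/", "etc/")


def plan_response(diff):
    """Map each detected change to a predefined action (constructed policy)."""
    actions = []
    for kind in ("modified", "removed", "added"):
        for path in diff[kind]:
            if path.startswith(CRITICAL_PREFIXES) and kind in ("modified", "removed"):
                action = "isolate host and restore from known-good copy"
            elif path.startswith(CRITICAL_PREFIXES):
                action = "quarantine file and open incident"
            else:
                action = "alert and review"
            actions.append((path, action))
    return actions


def demo():
    """Build a constructed tree, baseline it, tamper with it, diff and respond."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "home"))
        with open(os.path.join(root, "bin", "sshd"), "wb") as f:
            f.write(b"original binary")
        with open(os.path.join(root, "bin", "login"), "wb") as f:
            f.write(b"login binary")
        with open(os.path.join(root, "home", "notes.txt"), "wb") as f:
            f.write(b"hello")
        baseline = build_manifest(root)

        # Simulated tampering: backdoored sshd, a dropped tool, a deleted file.
        with open(os.path.join(root, "bin", "sshd"), "wb") as f:
            f.write(b"backdoored binary")
        with open(os.path.join(root, "bin", "nc"), "wb") as f:
            f.write(b"dropped tool")
        os.remove(os.path.join(root, "home", "notes.txt"))

        diff = compare(baseline, build_manifest(root))
        return diff, plan_response(diff)


if __name__ == "__main__":
    diff, actions = demo()
    print(diff)
    for path, action in actions:
        print(f"{path}: {action}")
```

The baseline manifest must be stored somewhere the attacker cannot rewrite (a separate host, or a signed file), otherwise an intruder who modifies a binary simply updates the manifest too.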