Published on October 31, 2018
…and how to protect yourself
It’s Halloween! And before the night exposes the horrors from the netherworld, most of us still have to get through the wacky costumes at work. Just the same, the cybersecurity demons do not slow down, and our SOC superheroes must continue to save the world from data breach destruction. To that worthy end, here are seven tips to help our superheroes vanquish the undead hordes.
Don’t rely on that silver bullet.
Werewolves are simple creatures with simple methods. They can be overcome with a well-placed silver bullet. Unlike werewolves though, current day hackers are sophisticated and draw on a variety of scary techniques to achieve their goals. The cybersecurity silver bullets of yesterday—static rules in your SIEM, or signature-based malware detection—are simply not good enough. To fight a winning battle, SOC superheroes in the modern era must look to advanced machine learning and artificial intelligence to defend against these high-tech adversaries.
There are zombies everywhere.
And these zombies routinely emerge to devour SOC analysts, CISOs, and CEOs alike. These undead beings in your organization come in the form of zombie user accounts on critical servers and systems. These accounts may be remnants left behind by employees who have left the organization or moved to a different role, or even accounts for cloud resources they spun up temporarily. In any case, these zombie accounts are a prime target for hackers to uncover, silently exploit, and use as a base for lateral movement across enterprise hardware and software resources before striking that deadly blow. To stand a chance against this horrific cybersecurity hole, SOC analysts must be keenly aware of the access granted to users across the organization, and use advanced learning to find zombie accounts that are being used for nefarious purposes.
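As an added example (not part of the original post and not Securonix code), here is one concrete way to turn the advice above into a check a SOC analyst could run: join an identity inventory (who owns each account, whether HR still lists that owner as active, and any intended expiry for temporary accounts) against successful-authentication events, and flag logins by accounts that should be dead. The log format, the inventory fields, the account names and the 90-day dormancy threshold are all constructed for the example.

```python
"""Flag 'zombie' account activity: valid credentials that should be dead but still log in.

Added example, not Securonix code. All inputs are constructed inline: a small identity
inventory and a few authentication log lines in a made-up format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

DORMANT_DAYS = 90  # assumption: no successful login for this long counts as dormant


@dataclass
class Account:
    name: str
    owner_status: str           # HR status of the owner: "active", "terminated", "transferred"
    last_login: datetime        # last successful auth seen before the log window
    expires: Optional[datetime]  # intended end of life for temporary/cloud accounts, None if permanent


# Constructed identity inventory (hypothetical accounts).
INVENTORY: Dict[str, Account] = {
    "alice": Account("alice", "active", datetime(2018, 10, 30), None),
    "bob": Account("bob", "terminated", datetime(2018, 6, 1), None),
    "svc-build-tmp": Account("svc-build-tmp", "active", datetime(2018, 10, 29), datetime(2018, 10, 15)),
    "carol": Account("carol", "active", datetime(2018, 6, 15), None),
}

# Constructed auth log, one event per line: "<ISO timestamp> <EVENT> user=<name> host=<host>"
AUTH_LOG = """
2018-10-31T08:02:11 LOGIN_SUCCESS user=alice host=fs01
2018-10-31T08:15:40 LOGIN_SUCCESS user=bob host=db02
2018-10-31T08:20:03 LOGIN_FAILURE user=bob host=db02
2018-10-31T09:01:55 LOGIN_SUCCESS user=svc-build-tmp host=ci01
2018-10-31T09:30:00 LOGIN_SUCCESS user=carol host=fs01
2018-10-31T10:00:00 LOGIN_SUCCESS user=mallory host=db02
"""


def parse_auth_line(line: str):
    """Split one constructed log line into (timestamp, event, key/value fields)."""
    ts, event, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    return datetime.fromisoformat(ts), event, fields


def zombie_reasons(account: Account, event_time: datetime) -> List[str]:
    """Return every reason this login should not have happened (empty list means benign)."""
    reasons = []
    if account.owner_status == "terminated":
        reasons.append("owner_terminated")       # leaver's account still authenticating
    if account.expires is not None and event_time > account.expires:
        reasons.append("past_expiry")            # temporary account outlived its purpose
    if event_time - account.last_login > timedelta(days=DORMANT_DAYS):
        reasons.append("dormant_reactivated")    # long-silent account suddenly active
    return reasons


def find_zombie_logins(log_text: str, inventory: Dict[str, Account]) -> List[dict]:
    """Scan successful logins and report those made by zombie or unknown accounts."""
    alerts = []
    for line in log_text.strip().splitlines():
        ts, event, fields = parse_auth_line(line)
        if event != "LOGIN_SUCCESS":
            continue  # only a successful login turns a zombie account into a foothold
        account = inventory.get(fields["user"])
        if account is None:
            reasons = ["unknown_account"]  # credential the inventory has never heard of
        else:
            reasons = zombie_reasons(account, ts)
        if reasons:
            alerts.append({"time": ts, "user": fields["user"], "host": fields["host"], "reasons": reasons})
    return alerts


def find_dormant_accounts(inventory: Dict[str, Account], now: datetime) -> List[str]:
    """Inventory-only hygiene pass: accounts that should be disabled even if they never log in."""
    return sorted(
        name for name, acct in inventory.items()
        if acct.owner_status == "terminated"
        or (acct.expires is not None and now > acct.expires)
        or now - acct.last_login > timedelta(days=DORMANT_DAYS)
    )


if __name__ == "__main__":
    for alert in find_zombie_logins(AUTH_LOG, INVENTORY):
        print(f"{alert['time']:%Y-%m-%d %H:%M} {alert['user']:14} on {alert['host']}: {', '.join(alert['reasons'])}")
    print("accounts to review:", find_dormant_accounts(INVENTORY, datetime(2018, 10, 31)))
```

The two passes complement each other: `find_dormant_accounts` is the periodic clean-up that removes zombies before anyone can use them, while `find_zombie_logins` is the detection that fires when a zombie nonetheless walks. In a real SIEM the inventory would come from the HR system and the identity provider rather than a hard-coded dictionary, and `last_login` would be updated from the same authentication feed.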
Horrors lurk in the fog (or the cloud).
OK, we clearly are using The Fog as a metaphor for cloud services. Just like fog rolling across the swamp, cloud services can hide scary things from a cybersecurity perspective. The latest attacks, and often the hardest to detect, are now coming from the exploding enterprise use of foggy – errr… cloud services. In fact, a recent report indicated that the risk of security breaches in cloud environments is almost 50% higher than in traditional IT environments. SOC superheroes must factor in and closely monitor enterprise usage of cloud services. You must ensure that employee activity across cloud infrastructure, cloud storage, and cloud applications doesn’t provide a prime hiding spot for the scary beings trying to compromise your crown jewels.
Exorcising demonic possession.
In the horror classic The Exorcist, the innocent 12-year-old Regan MacNeil is possessed by the ancient demon Pazuzu, who forces Regan to perform strange, horrific and unnatural acts uncharacteristic of her normal behavior. Just so in the enterprise environment, good employees—specifically their access privileges—can be possessed by malware demons. These possessed accounts then perform behavior that is abnormal and uncharacteristic of the employee. The SIEM solutions used by our cybersecurity superheroes must have the relevant data, context, and behavior-based techniques to identify employee accounts that are victims of such demonic possession.
Vampires die when exposed to sunlight.
There are various methods you can employ in order to destroy Count Dracula and his horde of blood-sucking undead, including decapitation, cloves of garlic, or a stake driven through the heart. The simplest may be to shine (sun)light across your enterprise so that it is unapproachable by the Nosferatu and remains vampire-free. For our cybersecurity superheroes, this translates to the light of visibility across enterprise IT resources, users, and data. As vampires change form and hide in the dark recesses of ancient castles, so do hackers rely on IT resources that are unmonitored by the SOC. A horror-free organization is easy to maintain when all the nooks and crannies are visible to, and monitored by, those charged with protecting the enterprise.
Protecting your booty from pirates.
While these swashbuckling villains are not exactly in the same vein as the supernatural creatures of Halloween, I assure you that you will see several pirates as you trick-or-treat tonight. We know exactly what booty these malicious pirates are after: chests full of gold coins and jewels, of course, securely stashed away in the depths of the file servers, databases, and hard drives across your enterprise. In many cases, the tell-tale “X marks the spot” is unknown, even to our cybersecurity superheroes. Sensitive data often resides on machines and resources that the IT or security team is completely unaware of. And that’s where these pirates strike! So one of the key activities you superheroes can undertake is a comprehensive data discovery and classification exercise. You can’t protect what you don’t know exists. So make sure the cybersecurity superheroes know exactly where that “X” is in your organization, so you are able to put the appropriate controls around that booty.
Don’t build a cybersecurity Frankenstein.
We know how this story turned out. The good doctor’s original intent was noble, but his experiments resulted in a truly horrific creature and eventually led to his own destruction. Our SOC superheroes are advised to take this analogy to heart as they plan and build their cybersecurity program. We at Securonix regularly see enterprises that have tried to purchase several different IT and security tools, throw in some alchemy—a.k.a. genius developers—and build their own security information and event management (SIEM), user monitoring, and security data lake solution. The failure rate of these projects is shockingly high. Even more scary is the fact that, like Victor Frankenstein, such efforts often result in self-destruction.
We wish you a Happy Halloween, and all of us at Securonix hope that these tips can help you cybersecurity superheroes—our SOC analyst, threat analyst, and cybersecurity professional community—steer clear of the spooky things across the internet that are trying to eat you alive.