by Albert E. Whale, CEH CHS CISA CISSP
Founder & CEO
A shift in the security paradigm needs to address the Unseen attacks in the environment. Detecting the Unseen activities in the environment explains why there are so many attacks being reported on a daily basis. This includes the recent Colonial Pipeline, SolarWinds and so many other breaches.
The unseen attacks depend on the ability of the attackers to hide in plain sight. We will outline several of them here to uncover the unseen activities within almost every network. Here is a look at the use of today’s People, Process and Technology (PPT).
As you can see from the chart below, today’s tools are only looking forward, to the next attack. They are focused on the next attack because they can only detect Malware which has been previously defined and observed. The security methods compared are security scans (assessments), the deployment of security tools, and our ITS Safe™ security appliance. It should be clear why ITS Safe maintains better coverage to protect your organization.
Security Assessments (review of security for a host, a network, software or other asset) are only valid up to the time the report is generated. As soon as the observer generates the report, the Assessment of the environment ends, and it becomes stale. This is a point in time observation.
Today’s Security Tools look for tomorrow’s attacks. Tools that security researchers and network testing teams use to assess the activities inside the network are based on testing for Known threats, and how the environment will respond to the next attack. These tools test the environment's ability to detect known threats in potentially new attacks.
The ITS Safe™ security appliance is designed to Detect, Defend against, and Destroy Intruders™, or MD3. While other tools and testing activities look for the future state of security in the organization, ITS Safe examines all activities to uncover and detect unwanted connections that were completed before you began the observation of the environment.
Every day around the world, new activities are discovered in new and existing equipment, software, and third parties to organizations. Firewalls are breached, vendors we use are hacked, software we create is breached, and apps we use on our phones are backdoors for attackers as well.
The problem is that today’s tools only identify what other people have found. After the attackers succeed at penetrating an environment, do you think that they would keep the tools that they used in place, so that they could be identified after the Zero Day threats become known threats? Of course not! After they have given themselves sufficient access to survive a reboot, they have cleared their tracks.
A comprehensive review of cyber security digs deeper than reviewing the exposed 10-20% of the network, and actually reviews the active network as a comprehensive ecosystem. If you compare the use of today’s tools to examining only the tip of the iceberg, then you will begin to understand why they are ineffective at discovering the unseen.
Can you expect to detect the unseen activities using tools which only scratch the surface?
Visible Network structure (Static View)
Invisible Operation of the network, and how it responds with people using it. (Dynamic view)
IT Security Solutions recommends at least an annual Security assessment to determine the security posture and formal detection of internal activities. While this is the minimum recommendation, even doing the minimum does not detect the activities as well as our continuous monitoring solutions for our clients.
IT Security Solutions, Inc. is a Pittsburgh based technology company with 25+ years of cyber security domain expertise catering to businesses of all sizes. The solutions offered range from technology security audits and penetration testing to continuous network scanning. The company recently launched ITS Safe™, a proprietary managed security solution that blocks hackers from attacking networks – the largest IT security threat facing businesses today.
Contact IT Security Solutions to discuss how a paradigm shift will benefit your company today.
412-889-6870 – info@IT-Security-Solutions.com
 Every network we have examined includes several of these activities, if not all of them.
 The Security Assessment becomes stale because the users in the network add additional threats from their use of the environment.
 Known threats are used in Virus scanners, network scanning, software analysis, and logfile monitoring tools.
 Security Tools cannot test for unknown threats because these events are currently not known.
 Think of this as reviewing the activities that are already active, that are not detected as tomorrow’s threats, because they are considered as part of the current environment.