PUTTING IT INTO PRACTICE
HOW OUR CUSTOMERS PROTECT PEOPLE AND DEFEND DATA
By now, most cybersecurity professionals are familiar with the concept of the attack chain. Many will also understand the protections that can be put in place along it to stop cybercriminals in their tracks.
Understanding a concept and integrating capabilities into your workflow are very different propositions – and execution is ultimately where the rubber meets the road. If we can’t literally break the attack chain, we can’t protect our people and defend our data.
With this notion in mind, we’ll outline practical strategies our customers have used that can help to break the attack chain before, during and after an attack.
Chief Customer Officer, Proofpoint
SVP Customer Success, Proofpoint
It almost goes without saying that it’s always best to stop bad actors from getting inside our defenses. However, knowing that and doing it are very different things.
While there are a lot of approaches to take here, the vanguard remains email protection and security awareness. If you’re getting this wrong, you’re in for a tough time.
‘It’s important to protect the front door of your environment with security awareness education customized to your people, specific to their job roles.’ - Head of Information Security, Financial Services
A robust email protection and Threat Response Auto-Pull (TRAP) solution not only detects and blocks advanced threats like Business Email Compromise (BEC), it also gives you a laser-like focus on people under attack. With this insight, you can rapidly target your awareness training to educate relevant users on the threats they are most likely to face.
‘Threat response auto-pull (TRAP) – if you’re not using it, get it! It’s been a game changer for pulling back attacks that have gotten through. Through Proofpoint People Protection we have laser light focus on who is being targeted by BEC – we can rapidly respond and educate our workforce.’ - CISO, Manufacturing Automation
‘We’ve implemented DMARC across our environment and it’s had a huge impact. We can catch those compromises early on.’ - Head of Information Security, Financial Services
The unfortunate truth is many email attacks are not sophisticated. In fact, it is often their simplicity that makes them dangerous.
They do not usually carry a malicious payload. Instead, threat actors use spoofed or compromised accounts and social engineering tactics to lure credentials or network access from unwitting victims.
ATTACKERS AREN’T JUST SPRAY AND PREYING ANYMORE, THEY DON’T USE SOPHISTICATED ATTACHMENTS – THEY TARGET THE WEAKEST LINKS IN YOUR CHAIN BY TRYING TO GAIN THEIR TRUST THROUGH EMAIL.
With so much scope for attacks like this to fly under the radar, we must assume that, while stopping initial compromise is the driving aim, it is very unlikely to be successful 100% of the time.
Email security and awareness training is an important layer of defense, but it’s far from the only one. We also need endpoint protection and controls capable of detecting unusual activity inside our networks and systems.
Modern threat actors will often take time to ‘live off the land’ once they have successfully compromised our defenses. They may be waiting for a specific time or event before dropping a payload or moving laterally to identify sensitive data and IP and escalate privileges through additional account compromise.
While user education can help to spot suspicious communications during this phase, it is no match for an Identity Threat Detection and Response (ITDR) solution. ITDR actively alerts to privilege escalations and lateral movement across your environments.
‘If someone is in your environment, using a product combination like Spotlight and Shadow for detection and deception gives you insight into your vulnerable Active Directory (AD) groups and identity risks.’ - Head of Information Security, Financial Services
A supplier threat protection solution extends these capabilities to your supply chain to alert you to any vendors that may also be compromised.
‘A product like Identity Threat Protection can highlight the bad things. For example, the prevalence of service and administrator accounts that have been freely given out, that’s where the partnership between ITD and PAM is going to save you.’
However a threat actor gets into your organization and whatever they do while they’re in there, their final act usually culminates in data loss.
Naturally, a data loss prevention (DLP) solution is a good place to start when building a defense for this stage of the attack chain. However, traditional DLP only addresses the data loss element of the issue. Alternatively, insider threat management (ITM) and other information protection platforms provide total visibility not just into your data, but into the behavior of your people and the types of threats they face.
‘The attack chain shows a linear progression of how things can happen, but it’s not always that way – insider threats don’t start at the beginning, they come up in the middle, meaning you have fewer opportunities to stop it.’ - CISO, Manufacturing Automation
This starts with identification and classification. For your data loss strategy to be effective you need to know what data you hold, where it is and who has access to it. From here, you can put controls in place to safeguard it against exposure and loss, whether intentional or otherwise.
The more you understand how your users interact with sensitive data across cloud, email, endpoint and web, the faster you can intervene when anything looks untoward.
For example, an advanced identity protection platform can flag unusual movement of data between servers and local environments or USB drives.
‘I love ITM – I don’t have to think about it, I get insights about my data that I can action right away.’
With vital insight into the exact nature of the activity, you can quickly spot anomalies, halt data loss and take appropriate steps to reduce the risk of it happening again. There’s no escaping the fact that traditional DLP has caused plenty of frustration over the years. But today’s AI and ML-driven platforms are light years ahead. We can expect more of the same in the future, too. Intelligent classification of data and AI analysis of behavior and activity are changing the game to the point that our current capabilities may look like the dark ages in just a few years’ time.
Talk to our team to find out how we can create a solution for your organization’s needs.