Carbon Black: Defense Capabilities Match Increased Attack Sophistication
While businesses are seeing an increase in attack sophistication, and the overall attack volume in the past 12 months has increased, defense is getting better.
Speaking to Infosecurity, Rick McElroy, head of security strategy at Carbon Black, said that these statistics were due to what he called the “trickle down cyber-economy for adversaries,” where nation-state actors, cyber-militias and contractors working for them develop multi-million-dollar tools which get into the wild – such as the exploits which enabled WannaCry and NotPetya to spread.
“As new capabilities and ammunition are developed, you’ll see that move into things like ransomware,” he explained. “Secondary, [offense] is not a highly specialized skill anymore, a lot of people are trained in it, and you can buy a lot of capabilities on the dark web. So the rise is down to more people being involved, and the sophistication is down to the cyber-economy, but defenders do have better tools.”
On that point, McElroy said that because there is better tooling in prevention and detection, the adversary has to improve and become more “stealthy.”
Asked if the state of cybersecurity was improving for defenders, McElroy said he believed it was getting better as “people are starting to sleep a bit more” and getting some of the things that they need thanks to budget approval. “It comes back to how to make the army bigger, and recruit successfully as people look at ‘non-traditional areas,’” he said.
The research found that 76% of UK organizations were more confident in their ability to repel cyber-attacks than they were 12 months ago.
McElroy said: “As the cyber-defense sector continues to mature, businesses are becoming more aware of the tools at their disposal and the tactics they can use to combat cyber-attacks. We believe this growing confidence is indicative of a power shift in favor of defenders, who are taking a more proactive approach to hunting out and neutralizing threats than previously.”
He praised the MITRE ATT&CK framework for enabling defenders, as it made vendors improve their technology, and pointed out that there is a feeling that defenders have better tools than ever before, “which is definitely increasing the confidence that they have,” as things can be found in environments that otherwise would not have been known about.
The research also found that 90% of UK businesses said threat hunting has improved their defenses, and McElroy noted that there is less reliance on alerting, and this has had a positive impact, “but where do you find the threat hunters as this is a skill that has not been around for long and globally there is a massive shortage of threat hunters and incident responders.”