“Cybersecurity peers share a joint purpose to protect organisations from threats and attacks that could be material to staying in business,” says Armata Executive Head, Caesar Tonkin, who led the second Armata cybersecurity industry webinar called Detecting and Protecting against Endpoint Threats.
The key theme at the latest event was that endpoint detection and response (EDR) represents the best chance for organisations to win the battle against a surging cybercrime wave that evolves too fast and is too advanced for traditional tools such as antivirus or anti-malware tools.
During his keynote address, Tonkin presented shocking figures from recent Microsoft research. Some of the insights he shared included that there were 921 parcelled attacks per second in 2022 – a 74% increase from 2021 and that 93% of Microsoft investigations during ransomware recovery engagements revealed insufficient privilege access and lateral movement controls, and that the mean time it takes an attacker to move laterally within a corporate network, once a device has been compromised, is one hour and 45 minutes. Perhaps most startling is that 98% of cyberattacks can be prevented with basic security hygiene.
“From an Armata point of view, we offer our customers help with basics such as security hygiene, but also bring specialised interventions with in-depth aspects of cybersecurity,” he said. He referenced LockBit, which is akin to a ransomware-as-a-service machine. “The pace at which they are targeting organisations, globally and in South Africa, is cause for concern and certainly something that we need to be mindful of in this country,” said Tonkin.
“When we do threat hunting, we analyse the steps that criminals follow – their tools, techniques and tactics. What looks like normal software behaviour – criminal actors can hide behind. These cannot be detected using basic anti-malware,” explained Tonkin, who said that organisations need to develop threat intelligence and the indicators of compromise. This will help them to join the dots as to what threat adversaries are doing to try to infect and cause harm. “As CISOs we must link ransomware attacks to business risk at exco and board level,” he said.
Tonkin introduced cybersecurity expert Emile Coetzee and Microsoft’s Wessel Pieterse, who spoke about the current endpoint threat landscape and what they thought the endpoint threat landscape would look like heading into 2024; the reasons for selecting an EDR platform and not only standard antivirus or anti-malware tools; the business benefits that arise from adopting an EDR platform, automated detection, cyber defence and response handling against advanced threats that could be harmful; and lessons learnt during threat hunting and defending against advanced threats and malware.
A key theme to emerge from these discussions was the pace at which the world of cybercrime is evolving. Even if the usual suspects, such as email compromise or phishing, still show up, the innovative and new ways that criminals are positioning their attacks are cause for concern. Against this backdrop, both panellists and Tonkin agreed that an EDR platform emerges as a non-negotiable for a business wishing to secure its systems.
“Whereas anti-virus, for example, adopts a pre-breach mindset, meaning that it has a series of known signatures or files to scan for,” explained Pieterse, “the industry needed to move to ‘an assumed breach mindset’.
“That's what EDR does. We still look for known signatures, but what we are looking for primarily is a sequence of events and behaviours, using machine learning and artificial intelligence to analyse known behaviours and the normal state of individual endpoints to discover malicious actions and behaviours, rather than relying on a certain set of files or signatures like an anti-virus.”
Coetzee agreed that an EDR was non-negotiable. “My advice to any business, even an SME, would be to invest in a good EDR solution and then partner with a company of experts who can manage the tool for you so that you can sleep at night.”
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version