How to Respond to Today's Dynamic Threat Landscape

“Counting attacks is fruitless. Taking action based on trends and vulnerabilities is the best step.” This quote comes from the recently published Gartner report, How to Respond to the 2018 Threat Landscape. With today’s changing threats, the reality is that security professionals need to continually evaluate and adjust their game plans in order to remain effective and resilient against cyber attacks.

Now, more than ever, we see the need to align and balance prevention and detection technologies for optimal security. Building on this premise in their report, one Gartner recommendation is:

  • Assess the viability of rearchitecting in security planning by using enclaves, segmenting, remote browsers and any known weak links that could enable an "enterprise-killer" attack.

FireEye agrees with this recommendation. In late 2016, FireEye greatly enhanced its Network Security family of products by enabling traditional integrated network security appliances to function as intelligent security sensors. This allows architects to easily deploy multiple FireEye Network Security “Smart Nodes” throughout the network and at key network segments to gain greater visibility throughout their network, thus reducing dwell time and asset exposure.

Gartner further recommends:

  • Plan to purchase and use actionable threat intelligence (TI) to understand the specific challenges to the specific technologies utilized by business practices.

Understanding adversaries – notably their tactics, techniques and procedures – through effective threat intelligence can help prevent organizations from becoming a breach headline. Only FireEye brings threat intelligence gained from incident response, forward-looking adversary intelligence, and thousands of sensors around the world working in concert – ultimately providing threat intelligence context to all levels of your security ecosystem.

Another recommendation in the Gartner report is:

  • Conduct an immediate assessment of your vulnerability management program and include looking for shadow IT that needs inclusion into that program.

FireEye recommends that enterprises conduct a Red Teaming exercise to proactively identify and mitigate complex security vulnerabilities that can lead to critical data loss. With Mandiant Red Team Operations, our security experts use our experience from the front lines of cyber attacks to simulate the tools, tactics and procedures of real-world attackers that target your environment. Red Teaming for Security Operations adds an additional component: working with your internal security team or security operations center (SOC) to detect red team activity in progress and provide a post-mortem analysis of your detection and response capabilities.

One more Gartner recommendation for 2018 is:

  • Monitor encrypted traffic to catch sophisticated hackers who hide complex attacks in web traffic.

The trends here are undeniable – the growth of encrypted traffic is increasingly reducing the visibility of what comes in and out of today’s networks, so having the ability to inspect encrypted network traffic is a must-have feature for 2018 and beyond.

Finally, Gartner makes the recommendation to:

  • Include outsourcing of security functions in your practice; pressure existing EPP vendors to provide ransomware detection or switch vendors.

FireEye recognizes that the shortage of skilled security professionals continues to drive demand for outsourced security services (i.e. managed security services). FireEye Managed Defense extends your security operations with industry-leading expertise, threat intelligence and technology by thoroughly investigating security alerts and proactively hunting for signs of compromise that evade most technology defenses.

Meanwhile, FireEye Endpoint Security defends against today’s constantly evolving ransomware threats by providing real-time, inline ransomware protection against multiple attack vectors. For more information, read our solution guide: Defenses Against Ransomware: Effective Solutions to Protect Your Critical Data.