Taking An Adversarial Approach in Cybersecurity
It is no secret that nation states like China and Russia are attacking U.S.-based businesses in an attempt to steal valuable trade secrets. From a cybersecurity perspective, a key question organizations face is whether they should focus on reactively protecting assets from the bad guys, or take a more proactive approach to find and contain adversaries who are already in their environment.
At Mandiant, we prefer to take the proactive tack, focusing on intelligence gathering by providing a complete picture of who exactly is attacking these organizations and what new tactics they are using to achieve their objectives.
NPR recently interviewed Kevin Mandia, CEO of Mandiant, on this strategy of proactively hunting for bad guys on your own network. Richard Bejtlich, chief security officer for Mandiant, was also interviewed for the segment, which showcased Mandiant as the leader in this cybersecurity paradigm shift and highlighted the importance of understanding how certain Advanced Persistent Threat (APT) groups go about breaching a network so you can respond faster and contain the impact. During the interview, Kevin states, “We can [tell] a team that’s going to some Fortune 500 company, ‘All the evidence points to APT Group 1 or APT Group 5,’ ” Mandia says. “[They will] immediately know the tools they use, the IP addresses they use, the pass phrases they use when they encrypt data, and where they store their files on the machine.”
NPR’s piece came out on the heels of a recent interview with Richard Bejtlich in Wired’s Threat Level on the topic of cyber espionage. In addition, he provided commentary in a recent SC Magazine story about how the rise in state-sponsored cyber attacks has become the new Cold War.
All the stories point to the fact that the threats we face are a “Who” not a “What” and that knowing who is attacking your networks (and what they’re likely to do next) is just as important as understanding the tactics they used to break in.
For more information on key tactics used by advanced attackers, read Mandiant’s annual report, M-Trends. And check out our recent blog series where our own Grady Summers goes in depth on each trend. Yesterday he discussed the first M-Trend, Malware Only Tells Half the Story. He will be publishing posts on the remaining trends through next week.