M-unition

Taking An Adversarial Approach in Cybersecurity

By on May 15, 2012

It is no secret that nation states like China and Russia are attacking U.S.-based businesses in an attempt to steal valuable trade secrets. From a cybersecurity perspective, a key question organizations face is whether they should focus on reactively protecting assets from the bad guys or take a more proactive approach to find and contain adversaries who are already in their environment.

At Mandiant, we prefer to take the proactive tack, focusing on intelligence gathering by providing a complete picture of who exactly is attacking these organizations and what new tactics they are using to achieve their objectives.

NPR recently interviewed Kevin Mandia, CEO of Mandiant, on this strategy of proactively hunting for bad guys on your own network. Richard Bejtlich, chief security officer for Mandiant, was also interviewed for the segment, which showcased Mandiant as the leader in this cybersecurity paradigm shift and highlighted the importance of understanding how certain Advanced Persistent Threat (APT) groups go about breaching a network so you can respond faster and contain the impact. During the interview Kevin states, “We can [tell] a team that’s going to some Fortune 500 company, ‘All the evidence points to APT Group 1 or APT Group 5,’” Mandia says. “[They will] immediately know the tools they use, the IP addresses they use, the pass phrases they use when they encrypt data, and where they store their files on the machine.”

NPR’s piece came out on the heels of a recent interview with Richard Bejtlich in Wired’s Threat Level on the topic of cyber espionage. In addition, he provided commentary in a recent SC Magazine story about how the rise in state-sponsored cyber attacks has become the new Cold War.

All the stories point to the fact that the threats we face are a “Who” not a “What” and that knowing who is attacking your networks (and what they’re likely to do next) is just as important as understanding the tactics they used to break in.

For more information on key tactics used by advanced attackers, read Mandiant’s annual report, M-Trends. And check out our recent blog series where our own Grady Summers goes in-depth on each trend. Yesterday he discussed the first M-Trend, Malware Only Tells Half the Story. He will be publishing posts on the remaining trends through next week.

Category: The Suite Spot
