Anatomy of a Breach: Preventing the Next Advanced Attack – Cisco Blogs


Your company’s stock price nosedives by 15% in a single day. You get a flood of messages from concerned family and friends about your company. Your company’s name is all over the news. Your colleagues exchange hundreds of frantic messages while trying to figure out what happened and how to respond. This is what it looks like when your organization is breached.

I know this from firsthand experience because I was working at SolarWinds when the massive breach that was heard around the world occurred. I will be sharing these experiences about the inside of one of the largest and most sophisticated attacks ever seen on an upcoming webcast. The SolarWinds breach profoundly changed the threat landscape since it signaled the beginning of a new era, where cybercriminals were becoming increasingly brazen and threats were growing more and more advanced.

In only a few months since the SolarWinds hack, we’ve witnessed several high-profile cyberattacks such as the Colonial Pipeline attack and JBS breach. These devastating attacks shut down oil pipelines and meat processing plants, leading to gas price hikes and fuel shortages while jeopardizing the food supply chain. Most recently, the Kaseya hack disrupted dozens of Managed Service Providers (MSPs) and thousands of small and medium businesses, including a Swedish grocery chain that was forced to close its stores due to the attack.

Rapidly Understand and Detect Threats

As a result of this evolving threat landscape, many security professionals are asking the same set of questions:

  • How can I gain visibility into threats to my organization?
  • How do I detect threats before it’s too late?
  • If a threat gets through, how can I quickly respond to it?

This is where a Network Detection and Response (NDR) solution such as Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) comes into play. Secure Cloud Analytics gives you comprehensive visibility into your threat landscape, analyzes and detects threats, and unifies insights while enabling automated response. This solution covers both your public cloud environment and on-premises infrastructure to provide a true hybrid approach to threat visibility, detection, and response. For instance, you can rapidly uncover and investigate attacks across public cloud environments such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform as well as your corporate network.

Secure Cloud Analytics gives you insights into threats by collecting telemetry from your modern network, which is distributed across the enterprise, branch, campus, data center, and remote offices and into the cloud. It then automatically identifies the role of each device and resource on your network to create a baseline of normal behavior. Secure Cloud Analytics continuously monitors your network for anything that deviates from this baseline and alerts you to malicious threats, signs of compromise, or abnormal behavior.

This behavioral analysis is enriched with machine learning that reduces large amounts of security telemetry to high-fidelity threat detections, which allows you to filter out the noise and focus on the most critical threats. Additionally, security intelligence from Cisco Talos, the largest nongovernmental threat intelligence team in the world, gives you a global view into threats on your network by correlating local threats with attacks seen around the world.

In short, Secure Cloud Analytics alerts you before a security incident becomes a full-blown security breach. For example, Secure Cloud Analytics can discover the type of suspicious behavior seen in the SolarWinds breach as well as other sophisticated attacks and notify you before you make front page headlines. This includes malicious activity such as attackers trying to contact Command & Control servers (C2), move laterally within your network, or exfiltrate data.
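To make the "baseline, then flag deviations" idea from the two preceding paragraphs concrete, here is a small added example. It is not Cisco's code and says nothing about how Secure Cloud Analytics is implemented; it is a toy detector over flow records that learns each host's normal daily outbound volume and internal peer set from a week of history, then flags the three behaviors named above (C2 beaconing, lateral movement, exfiltration) in a new observation window. The field names, the `10.0.0.0/8` internal range, every threshold, and all sample flows are constructed assumptions.

```python
"""Toy NDR-style baseline detector (added example, not Cisco's code).

Field names, thresholds, the internal address range and all sample flows
are constructed assumptions for illustration only."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate range


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str
    dst: str
    dport: int
    bytes_out: int   # bytes sent from src to dst


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def build_baseline(flows):
    """Per-source baseline: mean/stdev of daily outbound bytes and the set of
    internal peers the host normally talks to."""
    daily = defaultdict(lambda: defaultdict(int))   # src -> day -> bytes
    peers = defaultdict(set)                         # src -> {internal dst}
    for f in flows:
        daily[f.src][f.ts // 86400] += f.bytes_out
        if is_internal(f.dst):
            peers[f.src].add(f.dst)
    baseline = {}
    for src, days in daily.items():
        vals = list(days.values())
        baseline[src] = {"mean": mean(vals), "std": pstdev(vals), "peers": peers[src]}
    return baseline


def detect(baseline, window, k=3.0, min_new_peers=5, beacon_min=6, beacon_jitter=0.1):
    """Return (kind, src, detail) alerts for flows in `window` that deviate
    from `baseline`. All thresholds are illustrative."""
    out_bytes = defaultdict(int)
    new_peers = defaultdict(set)
    ext_contacts = defaultdict(list)   # (src, dst) -> [ts]
    for f in window:
        out_bytes[f.src] += f.bytes_out
        if is_internal(f.dst):
            if f.dst not in baseline.get(f.src, {}).get("peers", set()):
                new_peers[f.src].add(f.dst)
        else:
            ext_contacts[(f.src, f.dst)].append(f.ts)

    alerts = []
    # Exfiltration: outbound volume far above the host's own daily norm.
    for src, total in out_bytes.items():
        b = baseline.get(src)
        if b is None:
            continue
        slack = max(b["std"], 0.1 * b["mean"])   # floor so a flat baseline keeps some tolerance
        if total > b["mean"] + k * slack:
            alerts.append(("possible_exfiltration", src, total))
    # Lateral movement: many internal peers the host never talked to before.
    for src, peers in new_peers.items():
        if len(peers) >= min_new_peers:
            alerts.append(("possible_lateral_movement", src, sorted(peers)))
    # C2 beaconing: repeated contacts to one external host at near-constant intervals.
    for (src, dst), ts in ext_contacts.items():
        if len(ts) < beacon_min:
            continue
        ts = sorted(ts)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m < beacon_jitter:
            alerts.append(("possible_c2_beaconing", src, dst))
    return alerts


def constructed_flows():
    """Seven days of constructed 'normal' traffic, then one day in which host
    10.0.1.5 exfiltrates, sweeps new internal hosts and beacons out; 10.0.1.6 stays normal."""
    history, window = [], []
    for day in range(7):
        t0 = day * 86400
        history += [
            Flow(t0 + 3600, "10.0.1.5", "93.184.216.34", 443, 1_000_000 + 50_000 * day),
            Flow(t0 + 7200, "10.0.1.5", "10.0.2.10", 445, 20_000),
            Flow(t0 + 7300, "10.0.1.5", "10.0.2.11", 445, 20_000),
            Flow(t0 + 3700, "10.0.1.6", "93.184.216.34", 443, 500_000),
        ]
    t0 = 7 * 86400
    window.append(Flow(t0 + 100, "10.0.1.5", "203.0.113.7", 443, 50_000_000))
    window += [Flow(t0 + 200 + i, "10.0.1.5", f"10.0.2.{i}", 445, 5_000) for i in range(20, 26)]
    window += [Flow(t0 + 1000 + 60 * i, "10.0.1.5", "198.51.100.9", 443, 300) for i in range(10)]
    window.append(Flow(t0 + 3700, "10.0.1.6", "93.184.216.34", 443, 520_000))
    return history, window


if __name__ == "__main__":
    history, window = constructed_flows()
    for alert in detect(build_baseline(history), window):
        print(alert)
```

Run as a script it prints three alerts, all for 10.0.1.5, and nothing for 10.0.1.6, whose slightly elevated day stays inside its baseline tolerance. The point a practitioner should take from it is that each detection is relative to the host's own history rather than a global threshold, which is what keeps the noise down; a production NDR adds role inference, far richer telemetry and threat intelligence on top of this skeleton.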

Quickly Respond and Remediate Threats

Getting insights into threats and detecting them before they turn into breaches are both important, but what if something gets through? After all, we all know that even the most effective cybersecurity solutions in the world aren’t foolproof. This is where extended detection and response (XDR) from Cisco SecureX comes in. SecureX is the industry’s broadest, most integrated security platform that unifies visibility, simplifies threat response, and enables automation.

It allows you to unify insights from multiple security products into a single, centralized console while offering additional context and integrated controls from other security solutions. Moreover, you can use prebuilt and custom workflows to enable an automated response by triggering a predetermined incident response playbook. The best part about SecureX is that it’s built into Secure Cloud Analytics, which means you just need to turn it on.

This simplicity is fundamental to Secure Cloud Analytics, which is built from the ground up to be easy to use and simple to manage. A Software-as-a-Service (SaaS) solution delivered from the cloud, Secure Cloud Analytics requires no specialized hardware, software agents, or special expertise. Thus, customers have reported quick time to value, with deployments up and running in under 30 minutes.

For more information about using Secure Cloud Analytics to stop sophisticated cyberattacks, please join us for an upcoming SANS webcast, where we will discuss how comprehensive visibility and threat detection can help you prevent advanced threats from compromising your organization. You can also try Secure Cloud Analytics today with a free 60-day trial.
