Detecting, Disrupting & Deterring Adversaries (Guest blog by Fortinet)
Living with Risk. Cybersecurity risks are evolving in complexity and capability, but some truly leading-edge technologies continue to defeat them. This daily success is rarely given much consideration whilst the IT revolution dictated by Moore’s Law continues, for now at least, at pace. Attackers are becoming both more efficient and more intelligent at evaluating their targets and successfully conducting their intended campaigns. Automation and AI are becoming available to threat actors, so naturally they are also being employed by leading cybersecurity systems. Understanding and tackling these threats becomes ever harder for organisations. There is an ‘arms race’ in cyber, one in which the forces of good must always stay ahead to win. Detection, disruption and deterrence must always overmatch the threat. Using human and machine excellence, an evolving and dangerous threat is being overcome.
New Technology. Today there is a full array of high-technology sensors and devices in any modern cyber armoury, such as ‘sandboxes’, the equivalent of a sterile area for the safe electronic detonation of potential malware. New concepts such as Automated Threat Intelligence and Deception Technology help provide an invaluable intelligence feed that enables an organisation to react quickly whilst also learning about the attacker’s tactics, techniques and procedures. Such intelligence allows defences to adjust (often automatically) to disrupt the attack vectors in use at that time. A multitude of decoys can help create a full-spectrum replica ‘network’. Deploying fake but highly convincing decoys (such as printers or uninterruptible power supplies) around the network can enable risk-averse automation, where an attacker is quarantined as soon as they so much as ping a decoy. The latest technology also allows a ‘risk-accepting’ approach, where SOC teams can watch what an attacker does in intimate detail for an extended period to understand motivations and behaviour. Next-generation technology is today’s shield for organisations, helping them constantly evolve their capabilities to detect and defeat attackers early in the attack cycle or deter them.
Living Safely. Increased visibility and better intelligence are, of course, less valuable if there is no fast way to distribute that critical knowledge across the overall infrastructure. As Gartner stated recently, a Cybersecurity Mesh Architecture (CSMA) is crucial to enabling organisations to better equip themselves with a sustainable cybersecurity capability. This form of ‘mesh’ integration is a gold standard that allows networks and data storage, regardless of location, to be protected automatically; this dramatically increases visibility and efficiency and lowers risk and alert fatigue. Users will deter malicious intent by adopting such automation. The cyber battles of today and tomorrow can be won by using the very latest and best technology to constantly Detect, Disrupt and Deter. The UK’s 5th Strategic Pillar is validated today via support from a global effort.