How Enterprises Can Break the Cyber-Attack Lifecycle

 
 
By Chris Preimesberger  |  Posted 2015-07-08

  • 2 - Breaking the Cyber-Attack Lifecycle

    Cybercrime is an estimated $1 trillion industry. Every organization with digital assets is vulnerable to attack, and the growing sophistication of cyber-criminals and their evolving tactics only increase the chance of a security breach involving the theft of sensitive data. Effective cyber-defense must withstand changes to adversaries' tactics and tools that traditional, nonintegrated best-of-breed legacy approaches cannot address.
  • 3 - How Cyber-Criminals Operate

    The Cyber-Attack Lifecycle is a sequence of events that an attacker goes through to successfully infiltrate a network and exfiltrate data from it. The good news is that blocking just one stage in this lifecycle can be all that is needed to protect a company's network and data from attack. That's why it's important to keep a prevention-based approach in mind and not operate as though detection is your best defense. Summary: Focus on prevention above detection.
  • 4 - Cyber-Attack Lifecycle Stage 1: Reconnaissance

    Just like burglars and thieves, most attackers carefully plan their attacks. They research, identify and select targets, often using phishing tactics or extracting public information from an employee's LinkedIn profile or corporate Websites. These criminals also scan for network vulnerabilities and services or applications they can exploit.
  • 5 - Cyber-Attack Lifecycle Stage 2: Weaponization and Delivery

    Next, the attackers determine which methods to use. They may choose to embed intruder code within seemingly innocuous files like a PDF, Word document or email message. Or, for highly targeted attacks, attackers may craft deliverables to catch specific interests of an individual.
  • 6 - Cyber-Attack Lifecycle Stage 3: Exploitation

    Once attackers gain access inside an organization, they can activate attack code on the victim's host and ultimately take control of the target machine.
  • 7 - Cyber-Attack Lifecycle Stage 4: Installation

    Attackers will seek to establish privileged operations, install a rootkit, escalate privileges and establish persistence to gain a foothold.
  • 8 - Cyber-Attack Lifecycle Stage 5: Command and Control

    Attackers establish a command channel back through the Internet to a specific server so they can communicate and pass data back and forth between infected devices and their server. This may allow attackers to track keystrokes, access and control a Webcam or transmit important access information back to the attacker for further penetration efforts.
  • 9 - Cyber-Attack Lifecycle Stage 6: Actions on the Objective

    Attackers may have many different motivations for an attack, and it's not always for profit. Their reasons could be data exfiltration, destruction of critical infrastructure, defacement of Web property, or the creation of fear or extortion.
  • 10 - Prevention-Based Approach Is Necessary

    Enterprises need a prevention-based approach, one that is automated, allows them to remain agile in the face of advanced attacks and provides a unique ability to defend against cyber-criminals. Companies should look for a solution that protects every part of the global enterprise network, addressing vulnerabilities and malware arriving at the endpoint, mobile device, network perimeter and within the data center. This provides new defense and resilience to stop attackers at every stage of the Cyber-Attack Lifecycle.
 

Cyber-attacks on enterprises and governments are in the news nearly every week—sometimes every few days. As defenses have attempted to thwart the bad actors and their invasive tools, the origination points and volume of attacks have evolved to stay ahead of the curve. Attack traffic now comes from every corner of the world, though some regions (Eastern Europe, Asia and the Middle East) are responsible for more volume than others. No matter where the attacks originate, security is in the hands of data owners, who need to think like hackers in order to thwart cyber-invasions that can scuttle a business in no time flat. The so-called Cyber-Attack Lifecycle, as dubbed by Palo Alto Networks, is a sequence of events that an attacker goes through to successfully infiltrate a network and exfiltrate data from it. Understanding the modus operandi of hackers and anticipating what they will do is half the security battle. The other half is actually protecting the data wherever it resides. This eWEEK slide show contains key data points on how to break the cyber-attack lifecycle.

 
 
 
 
 
 
 
 
 
 
 
