Becoming the hunter: rethinking cyber security for a connected age

Beware! Attacks and threat sophistication are on the rise. Companies need to do more than detect and identify threats; they need to start hunting.

Part of the reason why attack numbers are soaring is that creating malware is no longer a sophisticated exercise. In the past, you needed advanced knowledge and lots of time, or you needed to know someone who had both. Today, you can just rent an attack kit or subscribe to an attack-as-a-service, with support services included.

The dark web, the shady cyber underworld where cybercriminals shared knowledge, is now a thriving marketplace. Attack tools and services are not the only things shared; increasingly, stolen credentials, refined attack tools, and proven techniques are shared, bartered and traded anonymously. This dramatically changes the threat landscape.

Kaspersky Lab research noted cases where attackers used the same backdoors or refined versions of attack tools, like Manuscrypt, from others, increasing the attack frequency, overloading security teams and clouding their oversight.

Attacks are also becoming more persistent. Kaspersky Lab research showed that targeted attacks last at least a hundred days. If the target is a government agency or critical infrastructure, an attack could last for years.

The solution is not another point product; instead, companies need to eliminate the fog of war and gain a complete picture of the threat landscape from the perspective of their IT infrastructure. This is what Kaspersky Threat Management and Defense is designed to do.

The product combines the multi-layered detection advantages of Kaspersky Anti Targeted Attack Platform and the rapid mitigation benefits of Kaspersky Endpoint Detection and Response (EDR) with Cybersecurity Intelligence Services. Essentially, it is an enterprise-grade answer for centralizing threat administration, automating mitigation and gaining valuable threat intelligence.

Kaspersky Threat Management and Defense is not about being better than existing products. More importantly, it allows enterprises to fight on a new front in the war against cybercriminals: targeted sophisticated attacks.

Most traditional attacks use brute force. An increasing number of sophisticated attacks started using multiple payloads for greater brute force. But with ransomware, where cybercriminals saw more profit in stealing, trading and ransoming credentials, sophisticated attacks became targeted. Kaspersky Threat Management and Defense allows enterprise security teams to address this rising threat head-on.

Kaspersky Threat Management and Defense also differs from other products in the way it integrates threat intelligence across the entire product line. Threat intelligence, augmented by third-party information and global intelligence from Kaspersky Lab's own resources, offers an important layer of protection and allows enterprises to proactively prepare for attacks occurring elsewhere or in other industries.

For example, the Kaspersky Anti Targeted Attack component uses the sensor data to correlate the various attack indicators accurately. Security teams can use this data to find out whether the multiple attacks are separate or parts of a single attack. Information from the company’s Targeted Attack Analyzer, which employs security intelligence and advanced machine learning, can help to separate suspicious data from third-party systems' custom connectors. Security teams can use the resulting Indicators of Compromise (IoCs) to unravel complex targeted attacks easily.

Kaspersky Threat Management and Defense also combines information from Kaspersky EDR to monitor, detect and respond to endpoint attacks. Endpoints, which remain a popular entry point for cybercriminals, are increasing with mobile devices and intelligent devices. Internet of Things (IoT), artificial intelligence and smart architectures, such as smart cities, smart grids and intelligent manufacturing, will only expand the number of endpoints exponentially. EDR automatically mitigates, contains and stops infections from spreading, giving your security teams vital information and valuable time to mount a comprehensive defence.

Battling sophisticated attacks is a full-time job. It requires massive investment in human resources and facilities, varied expertise that is difficult to find, and time that many companies cannot afford. So, many become reactive, hoping not to be attacked or, when they are, that the perpetrators leave digital clues.

Kaspersky Threat Management and Defense Solution empowers security teams to take the offensive. Through Kaspersky Cybersecurity Services, it allows them to proactively assess and reduce false positives through targeted attack discovery; hunt threats using Kaspersky Managed Protection; and respond effectively to incidents with the certified Incident Response Service. In addition, the product is backed by the company’s Global Research and Analysis Team (GReAT) – a team of 40+ expert cyber investigators whose sole joy lies in solving cybercrime mysteries and cracking the codes behind well-hidden advanced persistent threats (APTs).

More importantly, Kaspersky Threat Management and Defense Solution turns companies from being hunted to ones that hunt the hunters. In an environment where it is a matter of “when” and not “if” you will be attacked, it speaks volumes regarding consumer confidence, brand reputation, and sustainable success.

This article was created in collaboration with the sponsoring company and our sales and marketing team. The editorial team does not contribute.