Advanced cyberattacks are evolving into a blend of automated, often opportunistic break-ins combined with active human direction. They are stealthy and unpredictable, sneaking through network traffic under the security radar, abusing familiar and trusted IT tools, and then launching their main strike in the middle of the night. The security industry is adapting to keep businesses safe from such attacks by bringing together human minds with the latest technology to watch over customers 24/7.
Advanced attacks: automated and individual
The threat landscape is constantly evolving, with attackers refining their methods to evade the latest detection technologies and blend in with the normal network traffic. Emerging trends include hybrid attacks that combine automation with interactive human ingenuity to better target and exploit victims without being noticed and blocked.
“Enterprises are facing sophisticated attacks from every direction, and it's absolutely critical that they can not only detect threats but also respond to them quickly.” (Aaron Sherrill, information security senior analyst at 451 Research)
Once adversaries gain a foothold inside a victim environment, they use “living off the land” techniques that mimic legitimate administrative behaviour. Such actions are often determined and controlled by the human operator. Spotting such activity requires a trained threat-hunting team, able to confirm whether the behaviour is malicious and to neutralise the threat. Put simply, you need humans to hunt threats being implemented by humans on the other side.
Trained threat hunters can use investigative techniques to conclude whether a suspicious activity is benign or not. They can apply valuable business context to why an attacker might be after a certain piece of data, question what motivates an attacker, evaluate output from multiple sources and employ creative thinking and problem solving to make decisions. This perfectly complements the capability of advanced, next generation security technologies, including endpoint detection and response, delivering powerful defence-in-depth.
Today’s cyber attackers are “always-on,” and that means an organisation’s dedicated security team needs to be too. But many businesses don’t have the capacity to support around-the-clock monitoring and management. Few organisations have the right tools, people, and processes in-house to effectively manage their security program 24/7, while proactively defending against new and emerging threats. This is where managed service programs come into their own. They enable organisations to outsource this increasingly business-critical service to a trusted partner.
Managed threat detection and response
Managed detection and response services deliver 24/7 threat monitoring, detection and response services to customers. The use of such services augments an internal team by, for example, covering those second and third daily shifts that are notoriously difficult to recruit for, contributing skill sets that the internal team may lack, and adding threat intelligence and unparalleled product expertise.
“Sophos MTR combines Sophos' consistently top-rated endpoint protection with human expertise and troves of threat intelligence collected from SophosLabs to create an entirely new offering that meets a mounting market need.” (Aaron Sherrill of 451 Research)
Ideally, they also provide customers with access to an expert team that can take targeted actions on their behalf to neutralise even the most sophisticated threats.
Key areas of expertise to look for include:
1. Expert-led threat hunting
A good managed threat detection and response service will anticipate attacker behaviour and identify new indicators of attack and compromise. Threat hunters will proactively hunt for and validate potential threats and incidents, and investigate causal and adjacent events to discover new threats that previously couldn’t be detected.
2. Advanced adversarial detection
The service should use proven investigation techniques to differentiate legitimate behaviour from the tactics, techniques and procedures (TTPs) used by attackers. This should be coupled with enhanced telemetry that provides a detailed, full picture of adversary activities and allows for the scope and severity of threats to be determined for rapid response.
3. Machine-accelerated human response
In the best cases, a highly trained team of world-class experts will not only generate and apply threat intelligence to confirm threats detected by advanced security solutions, but also take action to remotely disrupt, contain and neutralise threats with speed and precision.
4. Asset discovery and prescriptive security health guidance
Last but not least, look for a service that provides valuable insights into managed and unmanaged assets and their vulnerabilities, for better-informed impact assessments and threat hunts, and that offers prescriptive, actionable guidance for addressing configuration and architecture weaknesses, enabling organisations to proactively improve their security posture with hardened defences.
The Sophos solution
Built on Sophos' next generation 'defence-in-depth' security software (Intercept X Advanced with endpoint detection and response (EDR)), Sophos' Managed Threat Response (MTR) service fuses machine learning with expert analysis to deliver all of the above. If you'd like to learn more about Sophos MTR and how it could help your business, please get in touch via sales@sophos.com or visit sophos.com/en-us/products/managed-threat-response.aspx.
By Adrian Chambers, Managed Threat Response security analyst and team lead at Sophos