Securing the Attack Surface with Data Sharing and Machine Learning
A few months ago, the SolarWinds hack stole headlines as its breadth stretched into the U.S. Department of Energy, the U.S. Commerce Department, and the U.S. Treasury, along with companies such as Microsoft, Cisco, VMware, and FireEye. At the time, the breach was remarkable in its scope and complexity. Now, as the dust is still settling from the SolarWinds breach, headlines have been consumed by a potentially even larger and further-reaching attack on over 125,000 unpatched Microsoft Exchange servers and potentially tens of thousands of already infected, since-patched servers. The true extent of the hack may never be known, as many of the affected organizations likely won't go public unless forced to do so by regulators.
What the SolarWinds and Microsoft attacks do reveal is how unprepared the world is for this new stage of cyber warfare. Through the drastic shift in the workforce caused by the global pandemic, businesses today are more reliant on technology, and work-from-anywhere has required corporations to open up data access from virtually any location with connectivity. When your entire business relies on technology, the attack surface, the set of places where you could be vulnerable, grows in scale along with it.
Every SolarWinds customer who installed the Orion software patch, which allowed the bad actors access to their systems, could potentially still be compromised. Similarly, any Microsoft customer with unpatched Exchange servers has to scour their devices for new vulnerabilities the attackers created while inside their systems.
What this means for the future of cybersecurity is that protecting networks and systems will require real-time access to, and analysis of, all data coming into and leaving your organization. Organizations can no longer rely solely on patching and plugging systems and hoping for the best. As the SolarWinds hack exemplifies, sometimes the patch itself creates the vulnerability. Machine learning and artificial intelligence enable such analysis, identifying both known and unknown attacks more quickly. Unknown attacks are referred to as zero-day attacks because they have never been witnessed previously. To protect against these intrusions, an organization must analyze all data coming into and leaving its systems. Threat Detection and Response systems such as WatchGuard's ThreatSync are one solution that uses machine learning and can decrease time to detection and remediation through analysis and policy-based automation. WatchGuard Threat Detection and Response (TDR) is a powerful collection of advanced malware defense tools that correlate threat indicators from Firebox appliances and Host Sensors to stop known and zero-day evasive malware threats.
WatchGuard Host Ransomware Prevention (HRP), a module within the WatchGuard Host Sensor, utilizes a behavioral analytics engine to determine if a given action is associated with a ransomware attack. HRP is a component of Threat Detection and Response and included with WatchGuard Total Security Suite.
While no system can stop every threat, allowing your systems to leverage the latest in cloud-based threat correlation from other appliances around the globe can keep you at the front of the herd.