[White paper] A new approach to cyber defense automation
Cyber-attacks are a daily occurrence. While the largest attacks make intermittent headlines, the attacks as a whole are unrelenting. Day after day, hour after hour, our computer and network infrastructure, both enterprise and personal, are probed, scanned and attacked in attempts to penetrate and gain a foothold from which subsequent attacks can be staged.
The reasons these attacks are taking place are many, but that is not the focus of this paper. This paper focuses on how automation must be adopted to better defend our digital systems, resources and assets. The attacks of today are largely automated. Computers, as automatic machines, are very good at performing repetitive tasks endlessly. The more computers that can be enlisted and coordinated to work together, the more work can be performed. This is the fundamental principle behind botnets. Botnets are collections of computers that have been co-opted to perform some malicious activity under the control of another computer system. With a herd of computers at their command, botnet masters can instruct their botnets to execute many types of attacks; from simply flooding networks with distributed denial of service (DDoS) attacks, to email spam generation, to exfiltration hosts for storing stolen computer records.
While botnets are not the only type of attack, they do exemplify how computer automation is used for attack purposes. Other attacks may use computer automation as tools in an attack as assists to human operators. These automated tools are used to monitor progress toward an objective, perform evasive maneuvers and detect countermeasures. These tools are often deployed in conjunction with stealthier operations where low observability is the chief priority. Although these attacks may not be as noisy as those performed by botnets, their damage may be more significant. The use of automation versus tools from the attacker’s point of view is largely based on the amount of noise generated during the attack.
Further Reading: How you can accelerate hyperautomation?
Detecting and thwarting attacks and cleaning up the aftermath is a difficult task. Most cyber defense systems are neither automated nor integrated. They operate as sets of individual tools which may have aspects of automation incorporated into them. For instance, automating the updating of signature catalogs is necessary but insufficient, because signature based solutions are reactionary and are unable to detect zero day and polymorphic attacks. An automated cyber defense system must provide better protection than this. The concept of cyber defense automation is not new. The most prominent example of cyber defense automation was the shift from Intrusion Detection Systems (IDS) into Intrusion Protection Systems (IPS). Elements of this can be seen in products by IBM, Cisco, Palo Alto Networks and FireEye.
For more insights about Cyber Defense Automation, download this white paper sponsored by BlackRidge Technology.
May 2024 Industrial IoT & ICS Cybersecurity Events
Welcome to the May 2024 roundup of IIoT and ICS cybersecurity events. This month promises an array of conferences, summits, and expos dedicated to exploring the latest advancements, challenges, and best practices in securing critical infrastructure and advancing industrial connectivity.
From Visibility to Vigilance: Transforming Industrial Cybersecurity with Schneider Electric
In this interview during the Innovation Summit 2024, Jay Abdallah, Vice President of Cybersecurity Solutions & Services at Schneider Electric, talks about the double-edged sword that technological advancement represents. While it undoubtedly propels efficiency and efficacy in operations, it concurrently
Compliance versus Security: Managing Risk in an Evolving Digital World
At the heart of the S4x24 conference in Miami, Jeff Brown, Regional Director, Operational Technology, Fortinet, shared his enthusiasm not only for the event but also for his upcoming participation in a panel at IIoT World Energy Day. This discussion,