Threat intelligence captured in the real world can warn IT security teams about the types of menaces that are on the horizon and when they could arrive, how they might function, and how much damage they may cause. The more visibility organizations have, the better they can defend against attacks.
The following is sponsored content. It may not reflect the views of our editorial staff.
By Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs
IT security teams are always under pressure to prepare for cyberthreats. They used to have much more time to prepare, but now SOCs often have only 48 hours or even much less. Threat actors are now executing attacks at speeds never witnessed before.
They are accelerating through the attack phases, giving defenders little time to respond. It’s alarming when the data shows an increase in pace by the attackers, because as we all know, speed is crucial—especially, when the attack surface keeps growing.
The increased speed of attacks is compelling enterprises to quickly evolve and adopt AI-powered prevention and detection strategies. IT security teams that once relied upon point products and the “just stop execution of effects” philosophy of are finding they are no longer sufficient defenses. The heart of the matter is that there are too many various techniques that the attackers have available to them.
Why point products are problematic
Security point products are problematic because they don’t “talk” with other solutions. This lack of integration means there is no total visibility across the network. If you can’t see a threat, does that mean it’s not there? Even if you can see a threat, can you act in time given the speed of attacks today?
The other big problem with point products is the manual tasks that the SOCs are required to employ. Say, a suspicious event is found on Point Product A. The first action that probably needs to be done is a cross-reference with Point Product B and/or Point Product C. Then another step may be needed to cross-verified with a SIEM. This manual process must be done quickly to keep up with the speed of the threat attacks.
Integration and automation are vital elements of strong cybersecurity. Eliminating extra steps and taking the manual work out of the defense process, speeds the response and permits the security analysts to stay focused on the attack—rather than losing time on distractions like checking policies or uploading logs.
The need for speed
IT security teams have always known that a speedy response is required when a threat emerges. That requirement is not going away. In fact, the demand is only going to be greater as cyberattacks continue to move faster and faster.
The increase in the speed of execution and growing sophistication of threats are not the only challenges facing IT security. They now must also consider the growth in the number of techniques being used by cybercriminals in their attacks. To respond appropriately, CISO and IT security teams need the full support and cooperation of the entire operation. Organizations that don’t improve, fortify, and accelerate their intrusion responses, could find themselves as a cautionary tale in the next threat research report.
The recent Apache Log4j Vulnerability is discussed in the most recent FortiGuard Threat Landscape Report. Log4j is a good example of the increase of attack speed. A chart shows that the number of attacks that occurred in two weeks would have taken several months to reach the same amount in the recent past.
Attacks like Log4j could become very common, so the time to get visibility into the current threat landscape and cybersecurity postures is now.
According to FortiGuard Labs Global Threat Landscape Report, the top takeaways from the second half of 2021 were:
- Log4j: Despite emerging in the second week of December, exploitation activity escalated quickly enough to make it the most prevalent IPS detection of the entire half of 2021.
- Threat actors are moving Linux-based malware closer and closer to the top shelf in their collection of nefarious tools.
- The sophistication, aggressiveness, and impact of the ransomware threat charges on, not slowing down.
- Botnet trends show a more sophisticated evolution of attack methods
- Malware trends show cybercriminals maximizing “remote everything”
Cybercriminals are developing attacks faster than ever. They continue to exploit the expanding attack surface of hybrid workers and IT and are using advanced persistent cybercrime strategies that are more destructive and less predictable than those in the past. To secure against evolving attack techniques, organizations need smarter solutions that can ingest real-time threat intelligence, detect threat patterns and fingerprints, correlate massive amounts of data to detect anomalies, and automatically initiate a coordinated response.
Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert program, Network Security Academy program, and FortiVet program.