Story image

CrowdStrike compiles 'casebook' of cybersecurity's important lessons

11 Dec 2017

CrowdStrike has compiled a ‘casebook’ of some of cybersecurity’s important lessons on the subjects of state-sponsored attacks, fileless malware, mean-time-to detect - and the ultimate finding that organisations are getting better at self-detection.

The company’s annual Cyber Intrusion Services Casebook looks at attack tactics, techniques, procedures and the state of breach readiness across various industries.

According to CrowdStrike Services CSO and president Shawn Henry, organisations need to be aware of emerging attack trends and techniques so they can implement best incident response strategies.

With cybersecurity becoming a core business issue, CEOs and business leaders need to improve their ability to anticipate threats, mitigate risks, and prevent damage in the wake of a security-related event,” he explains.

The casebook found that the average time between the first evidence of a compromise and its initial detection was 86 days. The company says that the longer an attacker can ‘dwell’ in an environment, the more opportunity that attacker has to find, exfiltrate and destroy data or operations.

However, organisations are getting better at detecting attacks internally. In 68% of the reviewed cases, the affected organisations were able to internally identify the breach – up from 11% over previous years.

The casebook also suggests that nation-state sponsored attacks and other cybercriminals are starting to merge.

“Both threat groups increasingly leverage similar tactics such as fileless malware and “living off the land” techniques involving processes native to the Windows operating system, including PowerShell and WMI (Windows Management Instrumentation),” the company says.

The casebook found that attack trends towards fileless malware, such as those that execute code from memory, made up 66% of all attacks. This category also includes credential theft for remote logins.

 “Based on the CrowdStrike Services team’s extensive experience, this Casebook informs not only security professionals, but also executives, boards of directors and shareholders on how to prepare for and respond to intrusions in a more effective manner,” Henry continues.

CrowdStrike states that organisations must improve their resiliency if they are to protect against sophisticated threat actors.

“Relying on traditional security measures, tools and approaches is no longer effective in the face of modern cyber threats. As attacks continue to become more sophisticated and prolific, organizations must evolve their security strategies to proactively prevent, detect and respond to all attack types, including fileless malware and malware-free attacks," the company states.

In August 2017 CrowdStrike announced expansion into the Asia Pacific market.

“The CrowdStrike Falcon platform delivers to customers maximum protection against modern-day threats, along with best-in-class performance, efficacy, and efficiency,” commented CrowdStrike APAC vice president Andrew Littleproud.

“This powerful combination has allowed us to set a new standard in endpoint security, which is driving incredible momentum in our sales across APAC. We are excited to expand our presence in APAC countries and will continue to invest within the region throughout the rest of 2017.”

The company opened its APAC headquarters in 2017. Since then, the company has made strategic hires to continue its investment in the region.  

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.