Understanding the Broad Context to Detect Targeted Cyber Attacks

How do you protect your organization from targeted cyber attacks? Only a broad understanding and visibility of advanced threats across your organization can help you stay ahead of today’s sophisticated attacks. Watch our video, which explains the dilemma of threat detection.

Author: Taija
Date: 27.04.2018
Read Time: 4 Minutes

You need constant monitoring of your security status, behavioral events and the broad IT environment to stay safe. What does this mean in practice?

 

Fileless and behavioral attacks are the most harmful ones

 

Traditional endpoint products do a very good job of protecting companies from the vast majority of threats. But they cannot detect about 0.1% of today’s threats, and this fraction includes the most harmful attacks.

 

These fileless and behavior-based attacks are very difficult to detect. Most of the time, they don’t contain any malware. Someone could enter your system through clicks you made on a file on your computer. Once they have access to your environment, they can move within the network from one machine to another. There might be nothing suspicious about the behavior. How can you detect targeted attacks like this?

 

The latest episode of our video series explores the world of threat detection:

 

Finding a Needle in a Haystack

 

There are billions of events happening in a network environment all the time. The events can be anything you do on your computer – logins, clicks, or downloads. The biggest challenge is distinguishing bad behavior from the normal activity. It’s like finding a needle in a haystack. This is where artificial intelligence and machine learning step in.

 

Processing billions of events is not possible for a human. That’s why machine learning is used to analyze the data to find suspicious events. Machine learning is the building block of solid detection and response solutions. It helps humans detect when a login is malicious and when it is normal behavior.

 

“A login is a login, but a login done by someone who has bad intentions and finding that from normal users’ logins is what the endpoint detection solution does. Not only it detects that there is a bad login, but it detects what that login does”, says Nidhi Singh, product owner of F-Secure’s Endpoint Detection and Response solution.

 

Human experts develop the intelligence further, and a smooth co-operation of man and machine is needed to stay ahead of the advanced criminals.

 

See the Broad Context

 

In order to understand the severity and scope of a targeted attack, you need to look at the big picture. Targeted attacks start from one computer and spread across the network. This means you need to look into more than just one detection on one machine.

 

F-Secure has developed the Broad Context Detection™ mechanism to build a view of all relevant events in the company network. Nidhi Singh explains:

 

When we find problematic behavior on one computer, we do not stop there. We try to find traces of similar behavior, such as a similar file, on other machines. If we find similar behavior on other machines, we try to find more detections of that type and combine them. Instead of point detections, we look into the broader context and present the customer insights covering other aspects of the organization.

 

Broad Context Detection™ is a prime example of F-Secure’s “man and machine” approach in action. With such technologies, businesses are able to detect and stop attacks swiftly. The technology helps organizations prioritize and react to attacks. When you understand the risk level, the relative importance of the affected machines and the general threat environment, you can make better decisions on the scope of your response actions.
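The idea of combining point detections into a broader context and ranking it by the importance of the affected machines can be sketched as follows. This is an added example, not F-Secure's implementation: the detections, host names, artifact labels, asset weights and the risk formula are all constructed assumptions.

```python
from collections import defaultdict

# Constructed point detections; hosts, behaviours and artifact labels are made up.
DETECTIONS = [
    {"id": 1, "host": "ws-014", "behavior": "office_spawns_script_host", "artifact": "file-A"},
    {"id": 2, "host": "ws-014", "behavior": "remote_logon_to_peer", "artifact": "acct-svc1"},
    {"id": 3, "host": "ws-027", "behavior": "unusual_scheduled_task", "artifact": "file-A"},
    {"id": 4, "host": "dc-01", "behavior": "remote_logon_from_workstation", "artifact": "acct-svc1"},
    {"id": 5, "host": "ws-101", "behavior": "unsigned_binary_run", "artifact": "file-Z"},
]
ASSET_WEIGHT = {"dc-01": 5}  # assumed importance; unlisted hosts weigh 1


def build_contexts(detections, asset_weight):
    """Merge detections that share a host or an artifact, then rank the groups."""
    parent = {d["id"]: d["id"] for d in detections}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # (kind, value) -> id of the first detection carrying it
    for d in detections:
        for key in (("host", d["host"]), ("artifact", d["artifact"])):
            if key in first_seen:
                parent[find(d["id"])] = find(first_seen[key])
            else:
                first_seen[key] = d["id"]

    groups = defaultdict(list)
    for d in detections:
        groups[find(d["id"])].append(d)

    contexts = []
    for members in groups.values():
        hosts = sorted({m["host"] for m in members})
        contexts.append({
            "hosts": hosts,
            "detections": sorted(m["id"] for m in members),
            # Assumed scoring: importance of affected hosts times detection count.
            "risk": sum(asset_weight.get(h, 1) for h in hosts) * len(members),
        })
    return sorted(contexts, key=lambda c: c["risk"], reverse=True)


if __name__ == "__main__":
    for ctx in build_contexts(DETECTIONS, ASSET_WEIGHT):
        print(ctx)
```

Four detections that look unremarkable on their own collapse into one context spanning two workstations and a domain controller, which outranks the isolated detection on ws-101.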

 

In our video, Juhani Eronen from the Finnish Communications Regulatory Authority summarizes the challenge of every CEO today: “A key question is: if we were hacked, would I have a way of knowing that?” With proper detection and response tools, you would.

 

 

In F-Secure’s new video series, Linda Liukas goes on a journey to discover the answers to some of the most burning questions in cyber security. Linda meets the brightest minds in the field of cyber security to learn what type of cyber threats are out there and why modern breaches are so difficult to stop. She agrees to let our cyber security experts hack her, finds out how to detect and respond to breaches and how cyber security can benefit from artificial intelligence and machine learning. Watch the previous episodes here.

