Outwitting Cyber Attackers with EDR and Deception

It takes an average of 65 days for organisations to discover a cyber security breach. Advanced evasive threats are easily bypassing traditional security tools such as firewalls, intrusion prevention systems and antivirus software.  

In today’s digitalised and hyper-connected landscape, industrial control systems are increasingly less isolated and more vulnerable to hackers. We are seeing more attacks on critical information infrastructure such as power grids, healthcare operations, transport systems, manufacturing plants, and more. When these get hacked, damages will no longer be limited to revenue, IP or reputation loss. They will be catastrophic, leading loss of lives and homes, ecological damages, or even flooded cities.

According to Gartner, enterprises are transforming their security spending strategy in 2017, moving away from prevention-only approaches to focus more on detection and response solutions. ² Cyber security strategy needs to be reformulated with the idea that a breach is inevitable, and attacks need to be disrupted before they have a chance to cause damage.

Let’s take a look at two solutions that will enable your organisation to adopt a detect, respond and remediate approach.

With BYOD adoption, the number of endpoints that need to be protected is growing rapidly. Singtel’s Managed Endpoint Detection and Response (EDR) Service uses a unique combination of real-time big data behavioural analysis and machine learning to protect all your endpoints. It is designed to continuously monitor your endpoints for abnormal and malicious behaviour. As signature-based detection is unable to identify most stealthy APTs, behavioural analysis is used instead, leveraging big data and multiple sources of threat intelligence. Threat activity is monitored in real-time, enabling your security team to unravel an attack, determine its root cause, disrupt the attacker, quarantine infected systems, and harden endpoints against future attacks.

Deception technology mimics IT and OT assets, creating decoys, vulnerabilities, systems and credentials throughout your network. The result is a “hall of mirrors” environment to lure, confuse and misdirect attackers into revealing themselves. If any of these decoys are compromised, it is a strong indicator that a threat is present, as a legitimate user would not try to engage these assets. This results in lower false-positive rates and reduced time-to-detection. The threat is allowed to detonate within a controlled environment, generating a forensic analysis of the attack.

The strategy of deception is highly effective in securing industrial control systems and SCADA environments. Custom OPC software can be installed to create decoys that are indistinguishable from SCADA devices. Fake credentials are generated on each SCADA decoy to deceive attackers into thinking they have stolen valuable credentials. By luring attackers into engagement traps, threats can be proactively stopped and contained before they can cause catastrophic damage to manufacturing and control systems.

By integrating these two services into the cyber defence strategy, organisations will be able to take their threat detection capabilities to the next level to secure both IT and OT environments.

Deception technology provides high-fidelity alerts and lower false-positive rates, allowing you detect attacks with greater speed and accuracy. Furthermore, it allows you to analyse and fully understand the lifecycle of the attack, including attack methods, credentials used, targeted files and the extent of the threat’s blast radius. The Singtel Managed EDR service can then use this valuable data to drive its incident response and malware hunt more effectively, thwarting attackers before they can cause damage to other areas of your business.

Contact a Singtel security advisor to find out how you can adopt these solutions to combat today’s sophisticated threats.

1. http://www.gartner.com/newsroom/id/3638017