Chuck Leaver – During The Holiday Season Hackers Will Still Be Working

Written by Ziften CEO Charles Leaver



The Christmas season is a time of opportunity for cyber criminals, organized crime syndicates and state-sponsored teams to attack your organization. With fewer IT staff at work, the odds improve for an undetected endpoint compromise, quiet lateral movement, and unnoticed data exfiltration. Experienced attack groups are likely assigning their best talent to a well-coordinated holiday campaign. Penetration of your business would most likely begin with an endpoint compromise via the usual targeted techniques: spear phishing, social engineering, watering hole attacks, and so on.

With thousands of enterprise client endpoints to choose from, initial infiltration poses little challenge to experienced attackers. Traditional endpoint security suites are built to protect against previously encountered, known malware, and are largely ineffective against the one-off crafted exploits used in targeted attacks. The attack group will have studied your business and assembled copies of your standard cyber defenses in their lab for pre-deployment evasion testing of the exploits they plan to use. This pre-testing may include suitable sandbox evasion techniques if your defenses include sandbox detonation at the network boundary, although that is not always necessary; an off-VPN laptop visiting a compromised industry watering hole never passes through that boundary at all.

The ways in which enterprise endpoints can be compromised are too numerous to list. In many cases the compromise may involve nothing more than stolen credentials, with no malware needed or present, as confirmed by industry studies that observed malicious command and control traffic coming from otherwise clean endpoints. Or the user, and it only takes one among thousands, may be an insider adversary or a disgruntled employee. In any large enterprise some level of compromise is unavoidable and ongoing, and the holiday period is ripe for it.

Given relentless attack activity and unavoidable endpoint compromise, how can businesses best respond? Endpoint detection and response (EDR) with continuous monitoring and security analytics is an effective way to identify and respond to anomalous endpoint activity, and to do so at scale across many enterprise endpoints. It also complements enterprise network security by supplying endpoint context (which process, which user, which host) around suspicious network activity. EDR provides visibility at the endpoint level equivalent to the visibility that network security provides at the network level. Together they provide the full picture needed to identify and respond to unusual and potentially significant security incidents across the enterprise.

Some examples of endpoint visibility of potential forensic value are:

  • Tracking of user login activity, particularly remote logins that may be attacker-directed
  • Tracking of user presence and foreground activity, including normal work patterns, activity durations, etc.
  • Tracking of active processes, their resource usage patterns, network connections, process hierarchy (parent/child relationships), etc.
  • Collection of executable image metadata, including cryptographic hashes, version information, file paths, date/time of first appearance, etc.
  • Collection of endpoint log/audit events, ideally with logging and audit settings tuned to maximize forensic value while minimizing noise and overhead
  • Security analytics to score and rank endpoint activity and surface significant deviations from normal operating patterns to the enterprise SIEM for SOC attention
  • Support for agile traversal and drilldown of endpoint forensic data for rapid analyst vetting of endpoint security anomalies
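The kinds of endpoint visibility listed above are what an analytics layer scores. As an added example, not Ziften's code and not code from the original post, here is a small Python pass over constructed telemetry that does three of the things the list describes: it scores remote logins against a per-user baseline, scores processes on executable hash novelty and parent/child relationships, and ranks hosts for escalation to the SIEM. It also answers the question EDR adds to a network alert, namely which process, user and host originated a given connection. The field names, baseline shape, point values and threshold are all assumptions made for the example.

```python
# Added example (not Ziften's code): a toy EDR-style analytics pass over
# constructed endpoint telemetry. It scores logon and process events against a
# per-user baseline, ranks hosts for SIEM escalation, and answers the "which
# process/user made this connection?" question that gives network alerts
# endpoint context. Field names, baseline shape and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime

# Constructed baseline: each user's normal hours, hosts and remote logon sources.
BASELINE = {
    "alice": {"hours": (8, 18), "hosts": {"WS-ALICE"}, "remote_sources": set()},
    "svc_backup": {"hours": (0, 24), "hosts": {"SRV-BACKUP"}, "remote_sources": {"10.0.5.10"}},
}

# Constructed: SHA-256 hashes of executables already seen across the enterprise.
KNOWN_HASHES = {"a" * 64, "b" * 64}

# Parent/child pairs an analyst treats as suspicious (document app spawning a shell).
SUSPICIOUS_PARENTS = {
    ("winword.exe", "powershell.exe"), ("excel.exe", "cmd.exe"), ("outlook.exe", "powershell.exe"),
}

# Constructed telemetry, a subset of the fields an EDR agent would collect.
LOGONS = [
    {"ts": "2016-12-24T23:41:00", "host": "WS-ALICE", "user": "alice", "type": "remote", "src": "203.0.113.7"},
    {"ts": "2016-12-24T02:00:00", "host": "SRV-BACKUP", "user": "svc_backup", "type": "remote", "src": "10.0.5.10"},
]
PROCESSES = [
    {"ts": "2016-12-24T23:43:10", "host": "WS-ALICE", "user": "alice", "parent": "winword.exe",
     "image": "powershell.exe", "sha256": "b" * 64, "net_conns": ["203.0.113.7:443"]},
    {"ts": "2016-12-24T23:43:15", "host": "WS-ALICE", "user": "alice", "parent": "powershell.exe",
     "image": "svch0st.exe", "sha256": "c" * 64, "net_conns": ["198.51.100.4:8443"]},
    {"ts": "2016-12-24T02:00:30", "host": "SRV-BACKUP", "user": "svc_backup", "parent": "services.exe",
     "image": "backup.exe", "sha256": "a" * 64, "net_conns": []},
]


def score_logon(ev):
    """Score one logon event against the user's baseline; returns (points, reasons)."""
    points, reasons = 0, []
    base = BASELINE.get(ev["user"])
    if base is None:
        return 3, ["logon by user with no baseline"]
    hour = datetime.fromisoformat(ev["ts"]).hour
    start, end = base["hours"]
    if not start <= hour < end:
        points += 3
        reasons.append("logon outside baseline hours")
    if ev["type"] == "remote" and ev["src"] not in base["remote_sources"]:
        points += 2
        reasons.append("remote logon from previously unseen source %s" % ev["src"])
    if ev["host"] not in base["hosts"]:
        points += 2
        reasons.append("logon to host the user does not normally use")
    return points, reasons


def score_process(ev, known_hashes=KNOWN_HASHES):
    """Score one process event using image metadata and process hierarchy."""
    points, reasons = 0, []
    unknown = ev["sha256"] not in known_hashes
    if unknown:
        points += 2
        reasons.append("never-before-seen executable %s" % ev["image"])
    if (ev["parent"], ev["image"]) in SUSPICIOUS_PARENTS:
        points += 4
        reasons.append("%s spawned %s" % (ev["parent"], ev["image"]))
    if unknown and ev["net_conns"]:
        points += 2
        reasons.append("unknown binary made network connections %s" % ", ".join(ev["net_conns"]))
    return points, reasons


def rank_endpoints(logons, processes, known_hashes=KNOWN_HASHES, threshold=5):
    """Aggregate per host; return [(host, score, reasons)] at or above threshold, highest first."""
    totals, why = defaultdict(int), defaultdict(list)
    for ev in logons:
        p, r = score_logon(ev)
        totals[ev["host"]] += p
        why[ev["host"]].extend(r)
    for ev in processes:
        p, r = score_process(ev, known_hashes)
        totals[ev["host"]] += p
        why[ev["host"]].extend(r)
    ranked = [(h, s, why[h]) for h, s in totals.items() if s >= threshold]
    return sorted(ranked, key=lambda x: x[1], reverse=True)


def context_for_connection(processes, endpoint):
    """Endpoint context for a network alert: the process record that owns this destination."""
    for ev in processes:
        if endpoint in ev["net_conns"]:
            return ev
    return None


if __name__ == "__main__":
    for host, score, reasons in rank_endpoints(LOGONS, PROCESSES):
        print("SIEM alert: %s score=%d" % (host, score))
        for reason in reasons:
            print("  -", reason)
    ctx = context_for_connection(PROCESSES, "198.51.100.4:8443")
    print("198.51.100.4:8443 <- %s (parent %s) on %s as %s" % (ctx["image"], ctx["parent"], ctx["host"], ctx["user"]))
```

In the constructed data the workstation WS-ALICE is escalated (a late-night remote login from a new source, Word spawning PowerShell, then an unknown binary calling out), while the backup server's overnight service logon scores zero because it matches its baseline. In a real deployment the baseline would be learned from weeks of presence and login history, the known-hash set would come from an enterprise-wide executable inventory with first-seen timestamps, and the point values and threshold would be tuned against the false-positive rate the SOC can absorb.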

Don’t get a lump of coal in your stocking by being caught unawares this holiday season. Arm your enterprise to contend with the threats arrayed against you.

Happy Christmas!

