How do the big guys do cyber security?

It may seem hard to remember, but several years ago data breaches were not regularly in the news. The few breaches that did make the news back then were mostly at defense contractors. These companies were some of the few that had to take the threats very seriously at the time, and they created processes and technology that allowed them to successfully defend themselves. Out of the fires of their experiences, today’s companies can learn a lot.

The first thing to understand is that the adversary is a person, not a malicious program. This is subtle, but important. People are inherently creative and will come up with new and inventive ways to get past security systems. The approach outlined below is designed to address a people-based problem.
 
The foundational element of this strategy is a continual learning process.  People are doing the attacking, but the technologies they use are their tools.  Catching and examining those tools helps you learn about the people. The more you learn about the people, the better chance you have of staying ahead of them.
 
What is more, each attack requires multiple tools. For example, one tool may be used in a phishing email to install a backdoor, while another tool may be used to dump passwords from domain controllers, and yet another tool used to exfiltrate data. These tools take some time to develop, and therefore attackers like to reuse them.
 
It is rare for an attacker to execute an entire attack from start to finish with entirely new tools.  This is costly for the attacker both in terms of time and expense.  Based on this, if a defender is able to inventory all the tools in an attacker’s arsenal, they should be able to defend themselves, even as attackers switch out or modify one or two of those tools at any given time.
 
In my prior role leading IT Risk for a global organization, I saw this approach work first-hand. It is very powerful. The downside is that it is hard to implement.
 
Not only do you need the skill set to implement this learning process (threat intelligence, reverse engineers, etc.), but you also need technology that allows you to rapidly change what and how it detects.  The technology should allow you to quickly determine the existence or non-existence of anything within your environment.  If you learn about a new attack tool, does it exist in your environment?  If you find a new variant of a previously known tool, does it exist in your environment?  If you find attackers are using a new communication method, does it exist in your environment?  You get the picture.
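
The "does it exist in your environment?" question, together with the tool-reuse argument above, can be shown as a sweep of stored telemetry against a tool inventory. This is an added example, not code from the original post or from any product it mentions; the tool names, hosts, domains and hash values are constructed placeholders, and the flat `(host, type, value)` event format is an assumption.

```python
from collections import defaultdict

# Constructed inventory of one adversary's known tools, keyed by attack stage.
# Every indicator value is a made-up placeholder, not a real IoC.
INVENTORY = {
    "backdoor-v1": {"stage": "initial access", "sha256": {"a1" * 32},
                    "domain": {"update.example.test"}},
    "pwdump-x": {"stage": "credential theft", "sha256": {"b2" * 32}},
    "exfil-tool": {"stage": "exfiltration", "sha256": {"c3" * 32},
                   "domain": {"drop.example.test"}},
}

# Constructed stored telemetry: (host, indicator type, observed value).
# The attacker swapped in a new backdoor (hash d4...) but reused the other tools.
TELEMETRY = [
    ("dc01", "sha256", "b2" * 32),
    ("ws17", "sha256", "d4" * 32),
    ("ws17", "domain", "cdn.example.test"),
    ("fs02", "domain", "drop.example.test"),
    ("ws22", "sha256", "e5" * 32),  # unrelated binary, should never match
]

def sweep(inventory, telemetry):
    """Return {host: {(tool, stage), ...}} for stored events matching a known indicator."""
    hits = defaultdict(set)
    for host, kind, value in telemetry:
        for tool, info in inventory.items():
            if value in info.get(kind, set()):
                hits[host].add((tool, info["stage"]))
    return dict(hits)

def stages_seen(hits):
    """Attack stages with at least one match anywhere in the environment."""
    return {stage for found in hits.values() for _, stage in found}

def learn(inventory, tool, stage, kind, value):
    """Return a new inventory that also covers a newly analysed tool or variant."""
    updated = {name: {**info} for name, info in inventory.items()}
    entry = updated.setdefault(tool, {"stage": stage})
    entry[kind] = set(entry.get(kind, set())) | {value}
    return updated

if __name__ == "__main__":
    before = sweep(INVENTORY, TELEMETRY)
    print("known tools only:", sorted(stages_seen(before)), sorted(before))
    newer = learn(INVENTORY, "backdoor-v2", "initial access", "sha256", "d4" * 32)
    after = sweep(newer, TELEMETRY)
    print("after learning the variant:", sorted(stages_seen(after)), sorted(after))
```

The first sweep still surfaces the intrusion through the two reused tools even though the new backdoor is unknown; re-running the same sweep after the variant is analysed adds the host that the first pass missed.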
 
This is where Morphick comes in.  Not only do we provide the skills needed to implement this learning process, we also provide the technology to verify the existence or nonexistence of anything inside your environment.    

Providing this one-two punch in a way that acts as a force multiplier for your existing security program is the true differentiator that Morphick brings. Our clients find that they are not only more secure, but also more productive because of how well we augment their current capabilities. Learn more about Morphick Defense and how you can have the very best cyber defense without hiring an army.