Tom Gillis, senior vice president and general manager of the Cisco Security Business Group (SBG), shares his top three tips for creating a resilient security posture.
Cybersecurity has always been a challenge, but today’s threat landscape is beyond anything we could have imagined even a few years ago. The good news is that organisations can fight back decisively — if they implement the right defences and strategies.
  1. Update Zero Trust Network Access
Ever since cybercriminals realised that it’s easier to log in than break in, identity-related attacks have been on the rise. Zero Trust and least-privileged policies are a common way to fight back. By limiting users to only the data and apps they need to do their jobs, the damage from a breach can be lessened. You want the salespeople to be able to access sales applications and the IT people to be able to access IT applications, but you probably don’t want salespeople getting into IT apps, and vice versa.
That may sound simple, but with thousands of apps, multiple firewalls, “app connectors,” and highly distributed users, it isn’t. Fortunately, there are comprehensive, platform-based solutions available that can be integrated into systems to enhance network monitoring capabilities. It is crucial to use solutions that can pinpoint the source of a problem, whether it’s the broadband provider, a cloud-based app, or even a user’s own laptop.
  2. Protect your apps with AI
As with user identity, bad actors will exploit a compromised app or connected machine rather than hack directly into a network. So, Zero Trust must extend beyond humans and into the data centre too.
Unfortunately, this is also not as simple as it sounds. Event-driven applications can respond to normal business changes in unpredictable ways, meaning that it’s often difficult to determine when one is truly acting in nefarious ways.
We can combat this using the power of AI to deeply understand what an application is doing and how it’s operating so that we can predict which policies should be put in place to prevent that application from doing something that it never should.
To protect against modern attacks, organisations need to understand the application and the vulnerabilities that reside within it. This is a unique capability of Cisco Hypershield. The solution can put a tiny enforcement point close to the application, allowing us to understand those vulnerabilities and apply what’s called a compensating control that can shield those vulnerabilities while the app team works on patching and updating the application.
  3. Uplevel analytics
Hackers often disguise their entry into networks by mimicking legitimate users and apps. This is why analytics that tell friend from foe are another essential line of defence. A solution such as Cisco XDR is an analytic engine that draws telemetry from our user-protection suite and sees all that user activity. The cloud-protection suite, which is protecting those apps, either in private clouds or public clouds, pulls that telemetry together in near real time and identifies things like ransomware at the very early stages of an attack. It then provides a path to automate the recovery from ransomware.
Whether going from infrastructure to highly automated analytics with security XDR or to more powerful analytics platforms, it is crucial that organisations choose partners who have the expertise to implement tools and strategies that ensure they can excel at security, no matter the threat.