Security in Sync Achieving Unified Defense Against Coordinated Cyberattacks WHITE PAPER


White Paper: Security in Sync | 2

Introduction

Today, cyber criminals are more coordinated and sophisticated than ever before. Rampant global cyberattacks—particularly the highly damaging WannaCry ransomware cryptoworm of 2017—have proven to network security experts that organized cyber criminal enterprises are behind a growing amount of advanced cybercrime activity.

Perceived to have less robust cybersecurity systems, SMBs are prime targets for cyber criminals. The traditional cybersecurity approach of layering independent security point solutions is often employed by SMBs, but these products operate separately from each other and therefore must all be managed individually. With an increasing number of attack vectors to protect and a lack of necessary IT skills or resources to oversee every angle of cybersecurity, many SMBs are left open to cyberattacks. In order to protect their data, their network, and their business, SMBs require a cybersecurity solution that is just as coordinated as cyber criminals’ malicious techniques.

The next target for these coordinated crime rings? Small and mid-sized businesses.

This white paper will provide insight into next-gen synchronized security solutions for SMBs, which utilize shared threat intelligence and automated threat response to outmaneuver coordinated and ever-changing cyber threats.



Today’s Cyber Threat Landscape

In the early days of the Internet, cyberattacks were typically propelled by a desire to prove one’s hacking ability or generally create chaos. Today, however, the cyber threat landscape has seen a significant shift: cybercrime has become an organized market with money as a major motivation and barriers to entry lower than ever.

Modern hackers have much to gain from participating in coordinated cyberattacks. In fact, the FBI reports that more than $1.3B was lost to cyber criminals in 2016.1 This is compounded by the fact that with new Malware-as-a-Service and other malicious ‘exploit kits,’ almost anyone can purchase highly damaging software or code and unleash it upon the network of their choice—without the need for vast technical knowledge.

While the sophistication of the average cyber criminal has lowered, the potential damage to businesses continues to increase, especially to organizations that cannot afford to pay off the high price hackers may demand for stolen data and the like. 60% of small companies that experience a cyberattack go out of business within just six months,2 demonstrating the permanent damage that a single network breach can do to an SMB.

Attempts to breach businesses are more frequent and more malicious, and the attack vectors used are also growing more sophisticated. Cyber criminals are now leveraging multiple vectors in tandem to systematically find the weakness in a business’ defenses.



PHISHING

Phishing is the number one cyberattack vector, and it is estimated that 91% of all cyberattacks begin with a phishing email.3 Phishing tactics continue to improve in quality, using realistic scenarios to compel an employee to divulge sensitive information. For example, the rate of business email compromise (BEC) is growing rapidly, in which scammers pose as company executives and ask employees to send financial or other privileged information to a trusted vendor. The request seems routine, but the data is funneled directly to the scammer.

IOT BOTNETS

As Internet of Things (IoT) devices become increasingly prevalent in SMB networks, so do opportunities for cyberattacks. In fact, 1 in 8 SMBs have already reported an IoT-based attack.7 Botnet malware performs coordinated searches for vulnerable devices across the Internet, with the goal of infecting as many as possible. Once one device is infected, the hacker has access to all devices within its network, and can control them all to perform Distributed Denial of Service (DDoS) attacks, send spam, steal data, and conduct other malicious activities.

RANSOMWARE

Ransomware, which increased in incidence by 250% in 2017,4 holds company or customer data hostage, with the attacker threatening to destroy or publish it unless a ransom is paid. Ransom can reach tens of thousands of dollars depending on what the business in question is likely to pay. In 2016, the average ransomware generated $1,077 for hackers, a 266% increase from 2015.5 That is because more businesses, particularly SMBs, are being forced to pay the price. A recent survey found that 48% of SMBs had paid a ransom to retrieve their data.6

AI-POWERED ATTACKS

The use of artificial intelligence (AI)-driven machine learning is exploding throughout the legitimate business landscape, but it is also a burgeoning threat to cybersecurity. Using artificial intelligence for malicious means, cyber criminals can learn typical operator patterns, mimic the activities and writing style of network users, and scan systems for vulnerabilities more easily than ever before.8 In a recent poll of 100 cybersecurity experts, 62% said they believe AI-powered attacks are coming within the next 12 months.9

Existing Cybersecurity Approaches Lack Coordination

With the rapid and unrelenting nature of today’s coordinated cyberattacks, by the time a breach to one device has been detected, it may have already had the opportunity to infect the network.

Unfortunately, typical SMB cybersecurity frameworks use multiple point solutions that separately address each layer of security. Not only do these detached security layers lack the ability to communicate with one another, but they also require that an operator manually correlate all alerts—which could reach over 10,000 per day.10

This causes delays in the business’ ability to detect and remediate risks, puts an excessive burden on already understaffed SMB IT teams, and can result in huge losses in very short order if priority alerts cannot be easily identified.

These coordinated attacks may use a combination of the vectors described above: phishing, IoT botnets, ransomware, and AI-powered attacks.


A Synchronized Solution

Businesses today require a cybersecurity solution that can outmaneuver even the most advanced cyber threats. Out of this need has grown a new, simplified framework for stronger, more coordinated cyber protection: synchronized security. In this approach, endpoint and network protection operate as one integrated security system, with full endpoint-firewall coordination.

A SYNCHRONIZED APPROACH

Instead of using layered point solutions, a synchronized security framework enables a two-way stream of communication between each network endpoint and the network firewall. By sharing intelligence about their security status in real-time, endpoints can instantly relay news of cyberattacks to the firewall, which automatically acts to isolate such threats.

In fact, the framework enables automated detection, isolation, and remediation of attacks to neutralize their effects immediately, providing the strengthened coordination needed to rapidly mitigate highly malicious, modern cyber threats. The following sections describe how this is achieved in a single, highly synchronized process.

A synchronized security solution empowers SMBs to decrease incident response time, speed successful threat isolation and remediation, and collect even more detailed information on potential cyberattacks.



Synchronized Communication

Direct communication between the network firewall and network endpoints is the key capability that drives a synchronized security solution. Each endpoint shares a constant stream of security intelligence with the firewall: its security and health status, recent activity, alerts, suspicious traffic, and more.

From the minute an endpoint is added to a synchronized network, it begins to share these details with the firewall. The firewall can, in turn, constantly monitor the status of the network, even storing information about normal and abnormal IP addresses, processes, and users.

Synchronized Isolation

Powered by constant coordination and communication, a synchronized security solution delivers automated threat isolation. When the firewall receives an alert from an endpoint—or if it even fails to detect a healthy endpoint security status—its first action is to isolate the compromised endpoint from the rest of the network to keep the anomaly from spreading.

Not only can the firewall isolate an endpoint within the network itself, but it can also prevent the endpoint from communicating externally with any suspicious command/control centers. This isolates the threat by blocking the infiltration of more malicious software as well as the exfiltration of endpoint data.


Synchronized Mitigation

Once an endpoint has been isolated, the firewall will alert a network administrator with detailed information about the affected machine, including the machine name, logged-in user, and process name for the triggered alert. Administrators can respond to these true cyber threats immediately, acting to remediate them more easily in the isolated endpoint environment.

Once an administrator has ensured that the endpoint is no longer compromised, the firewall can automatically restore it to the network. This entire detection, isolation, and mitigation process, which could take days in a traditional cybersecurity system, can be performed in mere minutes in a synchronized environment.

Synchronized Analytics

While an administrator mitigates threats, the firewall captures critical information about malicious software present in the machine. Details about the system, IP address, and any attempts to connect to an external command center are recorded.

With this insight into the cyberattacks that are targeting their network, firewalls can automatically block any recurrences of malicious IP addresses and processes on network endpoints, enabling SMBs to proactively recognize and avoid future compromises.

As cyberattacks become more sophisticated, synchronized firewall-endpoint security solutions allow SMBs to do the same with faster detection, isolation, and threat mitigation.
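As an added, constructed illustration of the four stages described above (synchronized communication, isolation, mitigation, and analytics), the following Python simulation models a firewall that ingests endpoint heartbeats, isolates an endpoint that reports a threat or stops reporting a healthy status, raises an alert carrying the machine name, logged-in user, and process, lets an administrator restore the endpoint, and blocks recurrences of the learned IP address and process on every endpoint. This is example code written for this page, not code from the white paper or from Avow Security’s product; the class and function names (SyncFirewall, Heartbeat, HEARTBEAT_TIMEOUT, allow_flow), the workstation names, and the 203.0.113.9 address are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Seconds without a heartbeat before the firewall treats an endpoint as
# unhealthy. Constructed value for this example.
HEARTBEAT_TIMEOUT = 60


@dataclass
class Heartbeat:
    """Security-status report an endpoint sends to the firewall (assumed shape)."""
    host: str
    ts: float
    status: str          # "green" (healthy) or "red" (threat detected)
    user: str = ""       # logged-in user, included in the admin alert
    process: str = ""    # process that triggered the red status
    remote_ip: str = ""  # external address that process tried to reach


@dataclass
class SyncFirewall:
    """Toy firewall that keeps endpoint state learned from heartbeats."""
    last_seen: dict = field(default_factory=dict)        # host -> last heartbeat time
    isolated: set = field(default_factory=set)           # hosts cut off from the network
    blocked_ips: set = field(default_factory=set)        # learned command-and-control addresses
    blocked_processes: set = field(default_factory=set)  # learned malicious process names
    admin_alerts: list = field(default_factory=list)     # what the administrator sees

    def receive(self, hb: Heartbeat) -> None:
        """Synchronized communication: ingest one endpoint heartbeat."""
        self.last_seen[hb.host] = hb.ts
        if hb.status == "red":
            # Synchronized analytics: remember the indicators so recurrences
            # on any endpoint are blocked automatically.
            if hb.remote_ip:
                self.blocked_ips.add(hb.remote_ip)
            if hb.process:
                self.blocked_processes.add(hb.process)
            self._isolate(hb, reason="endpoint reported a threat")

    def tick(self, now: float) -> None:
        """Isolate endpoints whose healthy status can no longer be confirmed."""
        for host, ts in self.last_seen.items():
            if now - ts > HEARTBEAT_TIMEOUT:
                self._isolate(Heartbeat(host, ts, "unknown"), reason="missing heartbeat")

    def _isolate(self, hb: Heartbeat, reason: str) -> None:
        """Synchronized isolation plus the detailed alert for the administrator."""
        if hb.host in self.isolated:
            return
        self.isolated.add(hb.host)
        self.admin_alerts.append({
            "host": hb.host, "user": hb.user, "process": hb.process,
            "remote_ip": hb.remote_ip, "reason": reason,
        })

    def allow_flow(self, src: str, dst: str, process: str = "") -> bool:
        """Policy decision for one flow; dst is another endpoint name or an external IP."""
        if src in self.isolated or dst in self.isolated:
            return False  # no lateral traffic to or from an isolated host
        if dst in self.blocked_ips or process in self.blocked_processes:
            return False  # learned indicator: block the recurrence
        return True

    def admin_restore(self, host: str) -> None:
        """Synchronized mitigation: administrator confirms the host is clean."""
        self.isolated.discard(host)


def run_scenario() -> dict:
    """Constructed scenario walking through all four synchronized stages."""
    fw = SyncFirewall()
    for host in ("ws-01", "ws-02", "ws-03"):
        fw.receive(Heartbeat(host, ts=0, status="green"))
    # ws-01 detects a dropper beaconing to a command-and-control address.
    # Constructed sample: 203.0.113.9 is a documentation-range address, not a real indicator.
    fw.receive(Heartbeat("ws-01", ts=10, status="red", user="alice",
                         process="updater.tmp", remote_ip="203.0.113.9"))
    after_alert = {
        "ws01_lateral": fw.allow_flow("ws-01", "ws-02"),          # isolated host -> blocked
        "ws02_to_ws01": fw.allow_flow("ws-02", "ws-01"),          # traffic into isolated host -> blocked
        "ws01_external": fw.allow_flow("ws-01", "203.0.113.9"),   # exfiltration attempt -> blocked
        "ws02_to_c2": fw.allow_flow("ws-02", "203.0.113.9"),      # recurrence on another host -> blocked
        "ws02_normal": fw.allow_flow("ws-02", "198.51.100.20"),   # unrelated destination -> allowed
    }
    fw.receive(Heartbeat("ws-02", ts=50, status="green"))
    fw.tick(now=100)  # ws-03 has been silent since t=0 -> isolated on missing heartbeat
    fw.admin_restore("ws-01")
    after_restore = {
        "ws01_lateral": fw.allow_flow("ws-01", "ws-02"),                           # restored
        "ws01_to_c2": fw.allow_flow("ws-01", "203.0.113.9"),                       # indicator stays blocked
        "ws01_process": fw.allow_flow("ws-01", "198.51.100.20", process="updater.tmp"),
    }
    return {"isolated": sorted(fw.isolated), "alerts": fw.admin_alerts,
            "after_alert": after_alert, "after_restore": after_restore}


if __name__ == "__main__":
    print(run_scenario())
```

The two isolation triggers in the text map to `receive` (an explicit red status) and `tick` (no healthy status seen within the timeout); note that restoring a host clears its isolation but not the indicators the firewall learned from its alert, which is what turns a single incident into protection for the rest of the network.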


Avow Managed Cybersecurity Program

A Synchronized Security Solution for SMBs

In order to successfully outmaneuver the sophisticated cyberattacks targeting their businesses, today’s SMBs need a synchronized security solution that provides the expert IT resources their organization may lack.

Avow Security’s Managed Cybersecurity Program delivers the synchronized, enterprise-grade protection SMBs need under one cost-effective subscription. Comprised of tools that are hand-picked and pre-vetted by cybersecurity experts, Avow’s solution leverages synchronized firewall-endpoint security alerts to detect, isolate, and mitigate even the most advanced cyber threats in SMB network environments.

Giving SMBs the ability to save valuable time and resources, Avow’s Managed Cybersecurity Program is a single, affordable solution to combat today’s increasingly coordinated cyberattacks.

To learn more about Avow Security’s solution, visit www.avowsecurity.com.

With 24/7/365 remote monitoring, Avow’s Managed Cybersecurity Program also delivers constant peace of mind for SMBs. Cybersecurity professionals monitor business networks round-the-clock, immediately identifying activity warranting their attention or intervention.

The end-to-end, 100% managed solution includes:

• Next-Generation Firewall
• Endpoint Protection
• Patch Management
• Security Awareness Training
• Vulnerability Scanning
• Incident Response

© 2018 Avow Security

1. https://pdf.ic3.gov/2016_IC3Report.pdf
2. https://www.denverpost.com/2016/10/23/small-companies-cyber-attack-out-of-business/
3. https://www.darkreading.com/endpoint/91--of-cyberattacks-start-with-a-phishing-email/d/d-id/1327704?
4. http://www.newsweek.com/ransomware-attacks-rise-250-2017-us-wannacry-614034
5. https://www.cyberscoop.com/ransomware-demands-now-average-1077-many-people-deciding-pay/
6. https://www.csoonline.com/article/3160905/backup-recovery/report-half-of-ransomwares-smb-victims-pay-up.html
7. https://www.helpnetsecurity.com/2017/09/08/smb-iot-based-attack/
8. https://blogs.wsj.com/cio/2017/11/15/artificial-intelligence-transforms-hacker-arsenal/
9. https://futurism.com/experts-warn-that-ai-enhanced-cyberattacks-are-an-imminent-threat/
10. https://www2.deloitte.com/insights/us/en/deloitte-review/issue-19/future-of-cybersecurity-operations-management.html#endnote-3