Digital Anarchist RSAC 2020: Are you unknowingly enabling an attacker to easily navigate your network?
Digital Anarchist interview with Wade Lance, Field CTO at Illusive Networks
Cyber gangs are running a business like anyone else, and the fastest and most efficient approach to a payday is to land on a host and then ‘live off the land’ using the residue of errant credentials and connections left behind in the course of daily operations. From a defender’s perspective, once an attacker grabs domain credentials, the odds are against you successfully detecting lateral movement, especially when the activity appears normal to most security tools.
To flip the odds in favor of defenders, InfoSec teams must preempt attackers by hardening their environment and cleaning the residue malicious actors need (and expect to see) to perpetrate their attack―cached domain admin credentials, disconnected RDP sessions, local admin accounts using the same password, and more. To be effective, remediation of risks must be easy, automated, and performed continuously.
In this video, Charlene O’Hanlon, Managing Editor for MediaOps, and Wade Lance, Field CTO for Illusive Networks, sit down at RSAC 2020 to discuss both the challenges of good cyber hygiene and the opportunities to significantly improve your security odds and outcomes.
In the discussion, Wade shares how data gathered from Illusive’s cyber hygiene process informs the subsequent creation of deceptions that mimic an organization’s real-world assets, which are then back planted into the network. Attackers unknowingly encounter a maze of ‘false’ data that disorients them, slows their movement, and adds to the costs of their campaign. The misstep of engaging with an Illusive deception reveals the attacker’s presence and begins real-time capture and notification of source forensics.
For customers looking to better quantify their attack surface risk, Wade suggests a free Attack Risk Assessment (ARA). The ARA helps identify exactly where problems are located and how Illusive can help address them, thus arming you with the data necessary to close security gaps and strengthen your overall security posture.
Points discussed in this video:
- Normal business workflows leave a ‘residue’ of artifacts that can be used by attackers to navigate the network
- Good cyber hygiene requires both identification of security risk and automated remediation
- Attack Surface Manager cleans errant credentials and connections that get left behind in the course of doing business and are overlooked by many security tools
- To detect in-network attacks other tools miss, deceptions authentic to your real-world assets should be back planted where attackers expect to find fuel for lateral movement
- See what you’re missing. Free Illusive Attack Risk Assessments take half a day, delivering a full report about your current vulnerabilities