As adversaries perfect their attack techniques, cyberthreats become increasingly difficult to detect. It is common now to encounter software which can in essence be trusted, but that may contain a backdoor or vulnerability that can be exploited and consequently provide a viable attack vector for attackers. Another scenario is where completely trustable software is accessed by an adversary using legitimate, yet stolen, credentials, leading to a serious security compromise. As opposed to the philosophy of ‘verify, then trust’, the Zero Trust model takes the approach of “never trust, always verify” as the basic premise of enterprise cybersecurity.
Similarly, for an organization to survive in this hostile cyber-environment, reducing detection and response times is vital. According to IBM, average threat detection times in 2019 clocked in at 206 days, and that’s only counting those that were actually detected! Given this panorama, the question to ask is: “Is there a cybersecurity solution on the market that combines leading technology and security, artificial intelligence, and an expert cybersecurity team to protect my company?”
Cytomic Orion, the cloud-based threat hunting and incident response solution from Cytomic, accelerates incident response and the search for malwareless threats on the basis of large-scale behavior analysis from the cloud. In addition to Zero Trust, its tools, consoles, and pre-defined analytics, such as the threat hunting library and Jupyter Notebooks, enable effective threat detection, rapid investigations, and immediate action on endpoints from the first moment. The Jupyter Notebook pre-defined investigations also ensure a short learning curve for analysts and hunters as they are self-explanatory, extendable, and reusable.
Steps toward Zero Trust security
There are several concepts that should feature in a robust cybersecurity strategy:
1.- Resilience. A first requirement for ensuring robust cybersecurity is to be clear that cybercrime never rests and continually reinvents its attack techniques. Resilience spans the entire pre-attack process and also the subsequent response phase, when reaction is key.
2.- Threat hunting. Threat hunting is essential, since simply reacting to an attack after the event is not going to help much; it is better to run proactive, iterative searches for potential threats, both automated and manual. Artificial intelligence and machine learning can help to set up an automated model for searching for, detecting, and reacting to incidents, so that experts in advanced cybersecurity can then focus on greater threats. Such a combination gives a company two advantages: on the one hand, incident response times are reduced, and on the other, the human effort of cybersecurity professionals is used more efficiently, as they work where automated solutions cannot always reach.
3.- Living off the Land (LotL) attacks. The Zero Trust model, by default, considers all solutions as not trusted, even if they are apparently safe, so it is also important to prevent cyberattacks that leverage internal system software to compromise security from within and slip past traditional security solutions. Consequently, it is essential to continuously analyze all running processes so that in the event of any anomalous activity, defensive action can be taken to prevent an incident.
The work of Cytomic Orion
To effectively combat cybercrime using a Zero Trust model and protect enterprise cybersecurity, we offer Cytomic Orion, our threat hunting and incident response solution combining all essential techniques required to implement this model. The Zero-Trust Application managed service, included in our solutions, combines a range of technologies (artificial intelligence, machine learning, and deep learning) to protect endpoints in any IT ecosystem.
It achieves this by automatically monitoring all processes executed on the system, detecting any type of abnormal activity, reacting to it, and eliminating the threat before it can act. The service classifies billions of events so that cyber resilience results in protection.
In addition, the Zero-Trust Application service scans any software that is about to be run, even if it is part of an internal system or has hitherto been trusted. To do this, the solution checks the behavior of the software, to ensure that only applications that have proven to be secure after analysis are allowed to run on endpoints. Thanks to this, any malware-based cyberattack will be thwarted. This combination of technologies will also be able to avert any Living off the Land attack, as no software is trusted blindly.
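As an added illustration of the two ideas above, default-deny execution based on a classification verdict and a behavioural check that applies even to trusted system software, here is a toy policy engine. It is not Cytomic's code; the verdict cache, hash values, image names and parent-process baseline are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed verdict cache standing in for a cloud classification service
# (hypothetical; no real classifier is modelled here).
VERDICTS = {
    "sha256:1111": "goodware",   # an ordinary line-of-business application
    "sha256:2222": "goodware",   # a built-in system utility, trusted by hash only
    "sha256:3333": "malware",
}

# Constructed behavioural baseline: which parents normally launch each image.
# A goodware verdict does not exempt a process from this check, which is how
# legitimate system tools driven from an unusual context get caught.
EXPECTED_PARENTS = {
    "sysutil.exe": {"services.exe", "explorer.exe"},
}

@dataclass(frozen=True)
class ProcessEvent:
    image: str    # executable file name
    sha256: str   # hash of the on-disk binary
    parent: str   # image name of the parent process

def decide(ev: ProcessEvent, verdicts=VERDICTS, baseline=EXPECTED_PARENTS) -> str:
    """Return 'allow', 'block' or 'hold' for a single execution attempt.

    Never trust, always verify: an unclassified binary is held rather than
    run, anything not labelled goodware is blocked, and goodware is still
    compared against its behavioural baseline before it may execute.
    """
    verdict = verdicts.get(ev.sha256)
    if verdict is None:
        return "hold"       # unknown: wait for the classifier's verdict
    if verdict != "goodware":
        return "block"
    allowed_parents = baseline.get(ev.image)
    if allowed_parents is not None and ev.parent not in allowed_parents:
        return "block"      # anomalous use of otherwise trusted software
    return "allow"

def summarise(events):
    """Group image names by decision so an analyst can review holds and blocks."""
    out = {"allow": [], "block": [], "hold": []}
    for ev in events:
        out[decide(ev)].append(ev.image)
    return out

# Constructed execution events, one per policy outcome worth showing.
SAMPLE_EVENTS = [
    ProcessEvent("lobapp.exe", "sha256:1111", "explorer.exe"),    # allow
    ProcessEvent("sysutil.exe", "sha256:2222", "services.exe"),   # allow
    ProcessEvent("sysutil.exe", "sha256:2222", "docviewer.exe"),  # block: odd parent
    ProcessEvent("update.exe", "sha256:3333", "explorer.exe"),    # block: malware
    ProcessEvent("newtool.exe", "sha256:9999", "explorer.exe"),   # hold: unclassified
]
```

In this model the third event is the interesting one: the binary is identical to the one allowed in the second event, and only its launch context causes the block.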
Cytomic Orion opts for a Zero Trust policy as the only valid approach to cybersecurity in enterprise environments without affecting day-to-day business activity, combining technologies for detecting and reacting to anomalies with the human experience of experts in advanced cybersecurity.