Story image

CrowdStrike compiles 'casebook' of cybersecurity's important lessons

11 Dec 17

CrowdStrike has compiled a ‘casebook’ of some of cybersecurity’s important lessons on the subjects of state-sponsored attacks, fileless malware, mean-time-to detect - and the ultimate finding that organisations are getting better at self-detection.

The company’s annual Cyber Intrusion Services Casebook looks at attack tactics, techniques, procedures and the state of breach readiness across various industries.

According to CrowdStrike Services CSO and president Shawn Henry, organisations need to be aware of emerging attack trends and techniques so they can implement best incident response strategies.

With cybersecurity becoming a core business issue, CEOs and business leaders need to improve their ability to anticipate threats, mitigate risks, and prevent damage in the wake of a security-related event,” he explains.

The casebook found that the average time between the first evidence of a compromise and its initial detection was 86 days. The company says that the longer an attacker can ‘dwell’ in an environment, the more opportunity that attacker has to find, exfiltrate and destroy data or operations.

However, organisations are getting better at detecting attacks internally. In 68% of the reviewed cases, the affected organisations were able to internally identify the breach – up from 11% over previous years.

The casebook also suggests that nation-state sponsored attacks and other cybercriminals are starting to merge.

“Both threat groups increasingly leverage similar tactics such as fileless malware and “living off the land” techniques involving processes native to the Windows operating system, including PowerShell and WMI (Windows Management Instrumentation),” the company says.

The casebook found that attack trends towards fileless malware, such as those that execute code from memory, made up 66% of all attacks. This category also includes credential theft for remote logins.

 “Based on the CrowdStrike Services team’s extensive experience, this Casebook informs not only security professionals, but also executives, boards of directors and shareholders on how to prepare for and respond to intrusions in a more effective manner,” Henry continues.

CrowdStrike states that organisations must improve their resiliency if they are to protect against sophisticated threat actors.

“Relying on traditional security measures, tools and approaches is no longer effective in the face of modern cyber threats. As attacks continue to become more sophisticated and prolific, organizations must evolve their security strategies to proactively prevent, detect and respond to all attack types, including fileless malware and malware-free attacks," the company states.

In August 2017 CrowdStrike announced expansion into the Asia Pacific market.

“The CrowdStrike Falcon platform delivers to customers maximum protection against modern-day threats, along with best-in-class performance, efficacy, and efficiency,” commented CrowdStrike APAC vice president Andrew Littleproud.

“This powerful combination has allowed us to set a new standard in endpoint security, which is driving incredible momentum in our sales across APAC. We are excited to expand our presence in APAC countries and will continue to invest within the region throughout the rest of 2017.”

The company opened its APAC headquarters in 2017. Since then, the company has made strategic hires to continue its investment in the region.  

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.