Often times you hear of people wondering exactly why so many security agents and tools are required on computer systems these days. Threat actors have evolved their methods over the last several years to utilize more advanced intrusion methods that require multiple layers of defense, also known as “defense in depth”. Let’s take a brief look at how a typical intrusion happens.
Most cyber-attacks begin with a phishing attempt via e-mail. A phishing e-mail is one that attempts to get an end user to click a link or open an infected e-mail attachment. These e-mails will normally be composed in a way that makes the reader believe that it is a legitimate e-mail message. It is extremely important to utilize caution when clicking on links or opening attachments in e-mail messages from individuals you don’t recognize or weren’t expecting. In most cases it only takes one person, a “patient zero” if you will, for an outbreak to begin.
Once a system is infected it will, either on its own or with instructions from a group of attackers, attempt to spread. This can occur via several methods including stolen administrative credentials and operating system or application vulnerabilities. Infected systems may sit quietly without attempting any malicious activity or actively being attempt to capture data, passwords, etc. The goal of an attacker is to gather as much information as they can without getting caught.
Normal anti-virus protection isn’t enough because most malicious code is what’s known as “zero-day”, meaning that the code was generated the same day it was utilized. Today, companies use numerous tools installed on computers to help combat these types of attacks. Modern day security tools monitor registry and operating system file changes. While these tools may have some impact on the performance of a workstation, they are an extremely valuable resource in being able to detect an infection and decrease response time.
At the end of the day one thing we all have to remember, being a part of any industry, is that protecting our intellectual property is ultimately protecting our customers and fellow employees.
All Arc, All the Time 