ANSECT Cyber Security Approach
Although there are indeed a great many new and promising technologies now being offered, there are also still far too many unsubstantiated claims being made by the makers of a large number of cyber security products in the marketplace today, both the old and the new.
As a result, we prefer to focus on those manufacturers who actually have the courage to disclose what is really going on under the hood and just how their products work, including the in-depth details of the technologies and the math involved in the design of their solutions, and exactly how their products actually get the job done when deployed in the field.
And, since it has been the accepted consensus for a number of years now that traditional signature-based security products are simply no longer effective, we freely admit to having become fans of some of the next-gen behavior-based security offerings, which now employ varying degrees of machine intelligence in order to accomplish their tasks. However, not all forms of machine intelligence are created equal, and with the passage of time, it is now becoming increasingly clear that some of these products are proving to be far more effective than others, despite the media proclamations and marketing spin that’s often involved.
Therefore, now more than ever, we prefer to remain very much product agnostic when selecting these sorts of solutions, relying instead on as much independent technical testing evidence as we can get our hands on first, before finally deciding which horse to back.
We also completely understand that no single security product can ever hope to fully compensate for a poorly designed network, insecure architecture, ill-prepared security posture, non-existent recovery plan, out-of-date backups or inadequate training. So, regardless of any additional product recommendations eventually suggested on our part, we also continue to advocate for the practical use of many of the already proven, tried and true approaches required in order to construct and maintain a solid network foundation, which can then be safely built upon.
This includes the use of such things as a zero trust network architecture if possible, a layered security or defence-in-depth approach, and the deployment of a number of the still necessary traditional perimeter defences such as NGFWs and IPSs, etc., in order to keep the honest people honest. In addition, we highly recommend putting together properly tested and proven disaster recovery and breach recovery plans that are not just designed to get the auditors off your back, but will also actually work when the chips are down.
It is useful to keep in mind that, even though the conventional wisdom might be that a good number of the serious threat actors these days have now decided to resort to more effective and sophisticated, socially engineered and custom-written phishing exploits instead of wasting too much of their time attempting the classic frontal assaults, these aforementioned traditional perimeter defence products must nonetheless still continue to be upgraded, in order to reduce the overall attack surface and help decrease the odds of conventional penetration.
However, given this undeniable change in the popular choice of attack vectors, designed to simply jump over your castle walls, it has also now become exceedingly clear that a fresh approach to cyber defence is obviously required.
Specifically, this applies to the replacement of those old-style, out-of-date, and now virtually useless endpoint and desktop AV products you likely still have installed, replacing them with something designed to work completely differently than before, and to be far more effective instead.
And secondly, it applies to the addition of some sort of mandatory and complementary, purpose-built APT detection solution, capable of providing much more positively verified alerts without generating excessive amounts of false noise, specifically deployed in order to then catch, and help you stop, the damage initiated by malware that has still managed to get by your best perimeter defences.
The reason for this second choice has now become an almost dead simple justification for most. With the often spectacular reports of catastrophic corporate security failures described in the media almost every month now, it has also become abundantly clear that, given the evidence, virtually no one working in the field today can possibly claim with any degree of confidence that they are absolutely certain that their networks have not already been breached, despite their best efforts. This is especially disconcerting when what is almost always eventually discovered and reported in these cases is that their systems actually were indeed already significantly compromised, and for quite some period of time, but they just didn’t know it yet.
As a result, given these kinds of difficult and painful admissions, most organizations have now come to the stark realization that they are simply no longer financially prepared to handle the true costs of these kinds of devastating attacks, costs which in some cases have the potential to actually cripple or sink the entire company altogether.
Simply put, the basic cost of deploying virtually any of the recognized defensive solutions which are now available today has always proven to be far less expensive than the private and public costs associated with any significant breach, and the subsequent cleanup costs which must then follow. This is why most savvy CISOs these days have now decided to rethink their approach, and refocus their efforts not just on prevention, but also on solutions able to provide for continuous detection of malware infections that have still managed to get by all of their other defences. To the majority, this seems a far better alternative than risking simply becoming the next convenient fall guy to blame, as part of the latest sensational news story, and then being forced to resign in disgrace.
However, there are still a good number of additional security challenges which continue to need to be addressed as well.
However, in each of these cases, and indeed for many more, as they say in the wireless world, “there’s an app for that”.
So, to that end, here is a list of “some” of the individual security solutions and technologies that we are currently able to provide:
ANSECT Cyber Security Portfolio