Changing the Game: Adaptive Defense

Date:   Thursday , December 04, 2014

FireEye (NASDAQ: FEYE) is a network security company that provides automated threat forensics and dynamic malware protection against advanced cyber threats. This California headquartered company has a current market cap of $4.99 billion.

In the world of network security organizations are often so busy reacting to the latest attack that there\'s no time to do anything except try to keep up. But things change, and it\'s time that incident response adapts too.

For years, attackers have penetrated even the most secure organizations. Despite having the latest technology and top-notch personnel in place to prevent breaches, threat actors have managed to find ways to successfully infiltrate networks. Somehow, they\'ve always stayed a step � or sometimes more � ahead, exploiting weaknesses we didn\'t know were there. These attackers are stealthy, well-funded and dynamic. As a result, they are able to adapt their strategies to overcome even the tightest security measures.

To counter a fast moving adversary, we need to change our approach to protecting data - enter Adaptive Defense.

Not a product or a marketable commodity, adaptive defense is a new approach that can advance the speed and effectiveness of security programs. It\'s a strategy to help companies shrink their target surface and shorten the \"alert-to-fix\" cycle - all in an effort to minimize damages from successful breaches.

Does it offer perfect security? No. There\'s no such thing. But it is a tremendous step forward for cyber security. Combining effective security programs and targeted strategies, an adaptive defense includes preventive measures, advanced detection capabilities, threat intelligence, and a fluid process to adapt as threats emerge.

A Two-pronged Solution

An adaptive defense strategy approaches security from both a detection and response perspective. Situational awareness has to be part of the solution. With the abundance of Advanced Persistent Threats (APT) in today\'s cyber landscape, the potential for attack is evident every day. Multi-stage and multi-vector attacks are easily able to evade traditional defenses, making it essential that organizations can capture and confirm breaches to minimize their threat.

Even organizations with well-maintained perimeter defenses need the technology and tools to identify a security incident as soon as it happens. A scalable solution that alerts and even stops network-based attacks has to be a core part of any adaptive defense system. Blended, targeted attacks that utilize multiple protocols - whether they are web-based, spear phishing emails or zero-day exploits - challenge even the best SOCs to detect them.

But knowing a breach has occurred is only half of the answer. Once a threat is detected, companies need to be able to respond rapidly to contain the threats. IT security teams depend on forensics to investigate and analyze an attack and quickly determine how to respond. Security analysts need time to investigate the scope of the breach. And while all of that is occurring, hackers are stealing information. Longer response times means more vulnerability for data.That\'s why it\'s so important to shorten the timeframe between \"alert\" and \"fix.\"

As part of the response, information is essential. Threat intelligence - from who the threat actors are, to the kind of malware used, to possible motives - helps organizations search for the attackers and thwart future attacks. Context drives counteraction. Accurate and actionable situational awareness helps security teams determine whether a threat is real and how best to respond. Security professionals not only need the time and tools to discover an attack, but they also need to understand its nature to respond with the greatest chance of resolution.

Moving Forward

The best defense is the one you don\'t need to use. But having an adaptive defense strategy means bringing together key elements of network security for the best possible advantage against the world of cyber attackers. It combines the strengths of incident response with the best technology to better manage network security. It also represents the totality of the security problem our world is facing. When we can prevent and detect attacks from bypassing defensive tools, and when we can contain the breaches that infiltrate even the most secure systems, we\'ve changed the game plan. We\'ve gone from defense to offense. And that\'s a winning strategy.