Blog

Protect Against Advanced Cyber Threats

Cyber threats can quickly lead to knockouts when organizations are not prepared

Based on the 8 Rules of Fight Club, to ensure you are ready for any cyber ring match follow these rules:

1) You DO NOT talk about the fight ...

Your executive wants updates on the status of the advanced threat in your Network.

What NOT to do: Send an email as soon as possible with a summary to your management.

What to do: Use out of band communication instead of relying on your compromised infrastructure. Threat actors are IN your environment….they can see what you say about them. They can screen shot what you are talking about….and will adjust their intrusion tactics.

Get help in the ongoing fight against the adversary

2) You DO NOT talk about the fight...until it is over

You found the threat group. Your security team is proud and wants to spread the word.

What NOT to do: Share your findings publicly to enhance public perception through marketing buzz.

What to do: Don't publicly share any information until the fight is completely over. Threat groups are monitoring the Internet for any information that will help them hone, tweak, and enhance their tactics to avoid detection.

No matter your weight class, you don't have to brawl alone

3) Someone yells stop, goes limp, taps out, the fight is over

You evict the threat actors - things seem to be quiet and calm.

What NOT to do: Go back to normal business. The fight was won and all threats are no longer a risk to your business.

What to do: It is important to always monitor for re-entry attempts. Threat groups are often persistent. Many times they are willing to stay quiet, play dead and hope that you won't suspect a revisit. But they will come back....with a vengeance.

Keep re-entry attempts on the ropes

4) Only 2 to a fight...

Your organization may be collateral damage. You are a victim of a security breach.

What NOT to do: Assume that the threat group's intent was to steal your company's sensitive data.

What to do: It is important to understand the intent of the threat group to better prepare for the appropriate steps to defend against them. Your company could be collateral damage from a threat group targeting someone or something different that is linked or adjacent to your organization.

The right intel will prepare you for the next punch

5) One fight at a time...

You investigate and learn that there are multiple threat groups inside your network.

What NOT to do: Apply the same remediation tactics to all of the observed threat groups.

What to do: Tailoring your response with different operating procedures leads to a more effective eviction. A "one size fits all" approach to the eradication and eviction process doesn't address the uniqueness of each threat group.

Don't throw a haymaker and hope it lands. Hone your battle strategy

6) No shirt, No shoes, No RATs

You assume that an adversary will access your environment using a remote access tool.

What NOT to do: Rely on your existing technology to monitor for malware.

What to do: It is important to monitor for anomalous user activity. Many times threat actors leverage legitimate remote access solutions to gain access to the environment. This makes detecting malicious activity much more difficult because the adversary is masquerading as a legitimate user.

Knowing what punches to watch for is half the battle

7) The fight will go as long as it has to...

The threat actor was in and out without you even knowing it. The damage was done by the time you tried to respond. The fight is already over.

What NOT to do: Panic and assume the adversary is still operating in your environment.

What to do: It is important to scope the activity to understand at what point in the fight you are getting involved. Your response will change based on whether the fight just started, has ended, or is ongoing.

Avoid a sucker punch. Parry evolving strikes in real-time

8) If this is your first night in this type of fight, you have to fight

You are under attack by an advanced threat actor.

What NOT to do: Assume that your normal mitigation plan will be effective.

What to do: It is better to act with urgency and fight rather than assume traditional security controls will keep you safe. You may just be seeing the tip of the iceberg.

Knock out the adversary with these insights


ABOUT THE AUTHOR
SECUREWORKS

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world detection data, security operations expertise, and threat intelligence and research. Taegis is embedded in the security operations of thousands of organizations around the world who use its advanced, AI-driven capabilities to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
Back to all Blogs

GET THE LATEST SECURITY UPDATES

Thank you for your submission.

Try Taegis Today

Request a demo to see how Taegis can reduce your risk, optimize your existing security investments, and fill your talent gaps.