Before the advent of gunpowder, castle or city walls were the primary means of defense. The taller and thicker the wall, the longer a city or castle could stand against a siege. The enemy eventually lost due to attrition. Disease, starvation, and desertion reduced the enemy’s numbers until the threat simply died away.
This all changed with the introduction of gunpowder. An explosive charge capable of breaking through a wall, or causing damage when hurled over a wall forever changed the dynamics of war. Disease, starvation, and desertion were no longer sufficient to deter an enemy. Cities and castles had to adopt an active defense posture to battle this new technology.
This analogy is commonly applied to cyber defense. It is no longer sufficient to build walls around an organization’s IT infrastructure. A strong cyber defense is active. It operates from the principle that the organization has already been compromised; that there is at least one computer within the walls that is infected and under the control of the enemy.
The infection may have occurred while the computer was connected to the corporate network, or may have been contracted while traveling. It may have come in via the network port or from a USB drive – the details are not important. What is important is that the infected machine be discovered and quarantined as quickly as possible. This requires the defense to focus on the later stages of a cyber-attack, namely: post-infection callbacks and data exfiltration.
The active cyber defense must be able to identify and distinguish between legitimate network traffic and malicious data exfiltration; between a normal web site visit and a post-infection callback to a command and control server. To be effective, false positives must be eliminated and alerts can only be generated when a true threat is present. (A browser toolbar selling Viagra is in a completely different category than a hidden browser helper object that adds fields to login pages to steal credentials).
To achieve these goals the SlashNext Cyber Defense System utilizes a purpose built infrastructure to actively gather information on worldwide threats and the hacker groups behind these threats. We track their movements and correlate the intelligence we gather with deep knowledge of the network protocols emanating from your network. The result is what we believe to be the world’s most advanced APT and malware detection capabilities.