As we round the middle of 2019, one thing is certain. Breaches are still occurring, infections are still happening and the industry is still largely trying its best to avoid incurring the cost of cyber security related activity. The team at Jigsaw Security has been busy updating our big data infrastructure and our MISP & TAXII server instances, and has begun sharing data on an unprecedented level. So why are breaches still occurring?
Outdated Security Products
Many of the products in use by corporate network defenders are legacy Internet-based products. These products cannot account for the types of attacks being carried out by today's hackers. Most products we encounter when reviewing security policies are based solely on IP addresses, domains, hashes and the like (very specific details, mostly Indicators of Compromise). The products we see in use are not good at self-identifying payloads. The technology we have in place, which is used by NATA and US Government agencies, provides much more flexible matching of data to malicious events, known as pattern and binary matching. In short, once we see an attack and match it to our library, the indicators of compromise can change forever and our technology will still detect it. This ensures that even on non-IP-based and non-Internet-connected networks we can still identify threats without using IOCs.
Outdated Security Models
Many of the companies we evaluate lately are using NIST or DISA guidance. While these recommendations have been in place for decades, the attack patterns and controls needed to truly keep networks safe and secure are not evolving. In many cases these network devices are ripe for the picking if they are attacked through non-IP-based methods (service attacks, operating system components and code manipulation). Most if not all of the security models are focused on IP-based networks, organizations and policies but leave much to be desired. This is exactly why we incorporated the Jigsaw Threat Mitigation Model™ into our standardized method of protecting cyber security interests (see below).
As you will notice above, 4 of the 6 phases have nothing at all to do with cyber security, and that's because many attackers use non-cyber-related methods to gain a foothold in organizations.
Fighting the wrong battles
While many companies are protecting their border with various levels of success and failure, Jigsaw takes the approach of letting the hackers into the network. What?! You see, that's what attackers want. So give them what they want and direct them into controlled environments so you can actually see what data they are after. This deception strategy does two things very well: it ties up the hacker in a playground that Jigsaw controls, and it keeps them busy attacking fake systems while production systems continue to serve our (or your) clients. This bit of misdirection is key to understanding why you are being attacked in the first place.
Learn how Jigsaw Security protects networks through next generation defense to include heuristic pattern matching, deception and deflection. For more information ask your Jigsaw Security representative for a demo.
About Jigsaw Security
Jigsaw Security is a cyber security company based out of Norfolk, Virginia. The company provides integration and cyber security services to Government, critical infrastructure and the healthcare industry. The key to our success is our integration of big data technologies and automation to render attackers incapable of infecting your network resources by utilizing deflection and redirection techniques while monitoring for activity and collecting intelligence on the adversary.