Attackers only have to get it right once: Defenders 100% of the time!


๐€๐ญ๐ญ๐š๐œ๐ค๐ž๐ซ๐ฌ ๐จ๐ง๐ฅ๐ฒ ๐ก๐š๐ฏ๐ž ๐ญ๐จ ๐ ๐ž๐ญ ๐ข๐ญ ๐ซ๐ข๐ ๐ก๐ญ ๐จ๐ง๐œ๐ž, ๐๐ž๐Ÿ๐ž๐ง๐๐ž๐ซ๐ฌ ๐ก๐š๐ฏ๐ž ๐ญ๐จ ๐ ๐ž๐ญ ๐ข๐ญ ๐ซ๐ข๐ ๐ก๐ญ 100% ๐จ๐Ÿ ๐ญ๐ก๐ž ๐ญ๐ข๐ฆ๐ž!

Do defenders really have to get it right 100% of the time though? 🤔

I've heard this phrase so often over the last decade, sometimes from people who should know better, that it's time to call BS on it! 💩

It's true that attackers have the element of surprise to a certain extent: they choose the time and the method. But the reality is that most of them are opportunists, and if you have:

🔵 solid cyber security foundations
🔵 a layered approach that trips up an attacker who gets past any single control
🔵 monitoring and alerting that is effective
🔵 automated blocking for the most nefarious activities

you will identify and stop most attacks before they cause harm. If you have the ability to go further and use:

🟢 an assumed-breach mindset
🟢 proactive threat hunting
🟢 incident response techniques (DFIR)

๐“๐ก๐ž๐ง ๐ญ๐ก๐ž ๐š๐ญ๐ญ๐š๐œ๐ค๐ž๐ซ ๐œ๐š๐ง๐ง๐จ๐ญ ๐ก๐ข๐๐ž.ย  In your own organisation think about the layered defences you already have.

As an example, you should have a perimeter email gateway with policies and controls in place to detect malware, spam and phishing emails. You should also have a next-generation firewall that performs further checks and prevents bad traffic from entering your enclave. Behind that you might have network monitoring, intrusion prevention systems and finally endpoint detection and response. No single one of these is perfect, and it doesn't need to be: each layer is a separate, independent chance to see the attacker, so a miss at the gateway can still be caught by the firewall or the endpoint. That only works if the components are actually monitored, with alerting tuned to pick up attacker behaviours as they make their way in and around your network, rather than logging to a console nobody reads.

Like any crime scene, an intrusion leaves breadcrumbs (process trees, authentication events, DNS lookups, new persistence) that are easy to find if you know where to look. Getting those breadcrumbs into your security operations strategy and alerting mechanisms isn't always easy, but it goes a long way to shifting the balance back in the defender's favour.
<gr_insert after="28" cat="add_content" lang="python" orig="Like any crime">
To make the layered-defence point concrete, here is an added example (not code from the original post) of a small correlator that treats each layer as an independent witness: an email gateway, a next-generation firewall and an EDR agent each emit their own low-confidence verdicts, and an alert fires when enough signal accumulates on one host within a time window. The telemetry, field names, weights, window and threshold are all constructed for illustration.

```python
"""Layered detection over constructed telemetry (added example, not from the post).

Each defensive layer (email gateway, next-gen firewall, EDR) emits its own
verdict on what it saw. The attacker only has to trip one or two of them for
the chain to become visible; the correlator groups those signals by host
within a sliding window and scores agreement between independent layers.
All events, weights and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry, one record per layer verdict, all keyed by host.
# Note the email gateway rated the lure as clean: that layer missed.
EVENTS = [
    {"ts": "2024-03-04T09:00:05", "layer": "email",    "host": "ws-17",
     "detail": "attachment invoice.docm delivered", "verdict": "clean"},
    {"ts": "2024-03-04T09:01:10", "layer": "edr",      "host": "ws-17",
     "detail": "WINWORD.EXE spawned powershell.exe -enc ...", "verdict": "suspicious"},
    {"ts": "2024-03-04T09:01:12", "layer": "firewall", "host": "ws-17",
     "detail": "outbound 443 to newly registered domain", "verdict": "suspicious"},
    {"ts": "2024-03-04T09:02:00", "layer": "edr",      "host": "ws-17",
     "detail": "lsass.exe memory read by powershell.exe", "verdict": "malicious"},
    {"ts": "2024-03-04T10:15:00", "layer": "firewall", "host": "ws-22",
     "detail": "outbound 443 to newly registered domain", "verdict": "suspicious"},
    {"ts": "2024-03-04T13:40:00", "layer": "edr",      "host": "ws-22",
     "detail": "unsigned binary executed from %TEMP%", "verdict": "suspicious"},
]

# Assumed scoring: a single malicious verdict alerts on its own; two
# suspicious verdicts alert only if they come from different layers.
WEIGHT = {"clean": 0, "suspicious": 1, "malicious": 3}
WINDOW = timedelta(minutes=30)
ALERT_THRESHOLD = 3


def parse(event):
    """Timestamp of a telemetry record as a datetime."""
    return datetime.fromisoformat(event["ts"])


def correlate(events, window=WINDOW, threshold=ALERT_THRESHOLD):
    """Return {host: {"score", "layers", "evidence"}} for hosts over threshold.

    For each host, every non-clean event anchors a window; the events inside
    that window are scored, with a bonus for each additional distinct layer
    that agrees. The best-scoring window per host is reported.
    """
    by_host = defaultdict(list)
    for event in sorted(events, key=parse):
        if WEIGHT[event["verdict"]] > 0:          # clean verdicts carry no signal
            by_host[event["host"]].append(event)

    alerts = {}
    for host, evs in by_host.items():
        for i, anchor in enumerate(evs):
            start = parse(anchor)
            cluster = [e for e in evs[i:] if parse(e) - start <= window]
            layers = {e["layer"] for e in cluster}
            # independent layers agreeing is worth more than one layer repeating
            score = sum(WEIGHT[e["verdict"]] for e in cluster) + (len(layers) - 1)
            if score >= threshold and (host not in alerts or score > alerts[host]["score"]):
                alerts[host] = {
                    "score": score,
                    "layers": sorted(layers),
                    "evidence": [e["detail"] for e in cluster],
                }
    return alerts


if __name__ == "__main__":
    for host, alert in correlate(EVENTS).items():
        print(f"ALERT {host}: score={alert['score']} layers={alert['layers']}")
        for line in alert["evidence"]:
            print(f"    - {line}")
```

Running it raises one alert, for ws-17: the gateway let the document through, but the firewall and EDR each saw a piece of what followed and together they are decisive. Drop the `malicious` LSASS event and ws-17 still alerts on the two `suspicious` verdicts alone, because they come from different layers. ws-22 stays below threshold: its two weak signals are three hours apart, which is exactly the kind of residue a proactive threat hunt, rather than an alert, should be reviewing.
<test>
alerts = correlate(EVENTS)
assert set(alerts) == {"ws-17"}
assert alerts["ws-17"]["score"] == 6
assert alerts["ws-17"]["layers"] == ["edr", "firewall"]
assert len(alerts["ws-17"]["evidence"]) == 3
no_malicious = [e for e in EVENTS if e["verdict"] != "malicious"]
weak = correlate(no_malicious)
assert set(weak) == {"ws-17"}
assert weak["ws-17"]["score"] == 3
assert "ws-22" not in correlate(EVENTS)
assert correlate([]) == {}
</test>
</gr_insert>
<gr_replace lines="30" cat="clarify" orig="So you donโ€™t">
So you don't have to be perfect, because neither is your attacker. They are only human and can trigger any one of the controls or alerts you have in place. The trick is to be smarter than them and outwit them. 🎯🛡️

So you donโ€™t have to be perfect because neither is your attacker, after all they are only human and can trigger anyone of the controls or alerts you have in place.ย  The trick you must have though is to be smarter and outwit them.ย  ๐ŸŽฏ๐Ÿ›ก๏ธ

๐–๐ก๐š๐ญ ๐๐จ ๐ฒ๐จ๐ฎ ๐ญ๐ก๐ข๐ง๐ค?
