We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organization looking to protect both business operations and critical assets.

Businesses without proper cyber measures expose themselves to a huge list of threats. From cybercriminals conducting targeted spear-phishing campaigns, like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers, no organization is safe from innovative cyber threats.

Security solutions enterprises

The evolving threat space means organizations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions, enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organizations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe.

As there is no one silver bullet that truly stops all cyberattacks, organizations must adopt a multipronged approach to stop adversaries. This must include tracking, analyzing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies that leverage the power of the cloud gives a holistic view of the continuously evolving threat landscape and thereby secures data more efficiently.

Traditional security approach

In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats. To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools.

CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries, including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors, defenders need to recognize we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion.

Sophisticated cyber weapons

So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organization’s defenses, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organization's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability.

This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed.

Malicious Behavior

Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organizations to stay ahead of threats and gain visibility into unknowns.

Threat graph data, combined with proactive threat hunting in your security stack, creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes, facing some of the most sophisticated cyber adversaries through hands-on-keyboard activity. Threat hunters work quickly to pinpoint anomalies or malicious behavior on your network and can prioritize threats for SOC teams for faster remediation.

In-Depth knowledge

It is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries are vital clues on how organizations can best defend themselves from real-life threats.

Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done.

Next-Generation solutions

When managing an incident, clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy. This can be achieved by following the simple rule of 1-10-60, where organizations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organizations try to adhere to this rule.
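The 1-10-60 rule can be measured against recorded incident timelines and compared with the breakout times quoted in this article. The following is an added example, not code from the article or from CrowdStrike; the incident records, field names and the choice to time each stage from the end of the previous one are assumptions.

```python
from datetime import datetime, timedelta

# 1-10-60 limits. Timing each stage from the end of the previous one is an
# assumption of this example; the last field marks a strict "under" limit.
STAGES = [
    ("detect", "intrusion", "detected", timedelta(minutes=1), True),
    ("investigate", "detected", "scoped", timedelta(minutes=10), False),
    ("remediate", "scoped", "remediation_started", timedelta(minutes=60), True),
]

# Breakout times quoted in the article.
BREAKOUT = {
    "russian_average": timedelta(minutes=18, seconds=48),
    "global_average": timedelta(hours=4, minutes=37),
}

# Constructed sample incidents (hypothetical ids, field names and timestamps).
SAMPLE_INCIDENTS = [
    {"id": "INC-A", "events": {
        "intrusion": "2024-03-01T09:00:00", "detected": "2024-03-01T09:00:40",
        "scoped": "2024-03-01T09:08:10", "remediation_started": "2024-03-01T09:15:00"}},
    {"id": "INC-B", "events": {
        "intrusion": "2024-03-02T14:00:00", "detected": "2024-03-02T14:00:55",
        "scoped": "2024-03-02T14:10:55", "remediation_started": "2024-03-02T15:05:00"}},
    {"id": "INC-C", "events": {  # still open: not yet scoped or remediated
        "intrusion": "2024-03-03T22:00:00", "detected": "2024-03-03T22:12:00",
        "scoped": None, "remediation_started": None}},
]


def evaluate(incident):
    """Score one incident against 1-10-60 and the quoted breakout times."""
    ts = {k: datetime.fromisoformat(v) for k, v in incident["events"].items() if v}
    stages = {}
    for name, start, end, limit, strict in STAGES:
        if start not in ts or end not in ts:
            stages[name] = {"elapsed": None, "met": None}  # stage not finished
            continue
        elapsed = ts[end] - ts[start]
        if elapsed < timedelta(0):
            raise ValueError(f"{incident['id']}: {end} precedes {start}")
        met = elapsed < limit if strict else elapsed <= limit
        stages[name] = {"elapsed": elapsed, "met": met}
    # Total time from intrusion to the start of remediation, if known.
    total = None
    if "intrusion" in ts and "remediation_started" in ts:
        total = ts["remediation_started"] - ts["intrusion"]
    beat = {k: (total < v if total is not None else None) for k, v in BREAKOUT.items()}
    compliant = all(s["met"] for s in stages.values())  # open stages count as unmet
    return {"id": incident["id"], "stages": stages, "total": total,
            "compliant": compliant, "beat_breakout": beat}


if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        res = evaluate(inc)
        print(res["id"], "compliant:", res["compliant"],
              "total:", res["total"], "beat breakout:", res["beat_breakout"])
```

INC-B meets every 1-10-60 limit yet takes 65 minutes end to end, which is inside the four hours and 37 minutes global average but longer than the 18 minutes 48 seconds figure, so the per-stage limits and the breakout comparison are worth tracking separately.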

As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors in how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions.

Behavioral analytics

Behavioral analytics and machine learning capabilities identify known and unknown threats by analyzing unusual behavior within the network. These have the ability to provide an essential first line of defense, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs.

Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organizations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organizations cannot live without as adversaries enhance and alter their strategies.

Adversaries continue to develop new ways to disrupt organizations, with the cybersecurity industry attempting to keep pace, developing new and innovative products to help organizations protect themselves. These technologies empower security teams, automating processes and equipping them with the knowledge to respond quickly. Organizations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.

Author profile

John Titmus Director, Sales & Solution Engineering - EMEA Region, CrowdStrike
