Change the game: Understand your organization through an adversarial lens
Advanced cyber reconnaissance and analytics
Discover, analyze, and visualize unknown relationships within vast data collections to identify, respond to, or mitigate asset/infrastructure vulnerabilities.
Cyber reconnaissance is changing the game
Federal agencies are often challenged to secure “everything,” looking to monitor and detect vulnerabilities in an ecosystem of millions of lines of code; thousands of devices; and petabytes of data intermixed across continuously changing infrastructures, service providers, data centers, and endpoints. An adversary only needs to identify one vulnerability to gain access. By understanding the adversary’s perspective, an agency can “change the game,” shifting the focus to a strength-based position and thereby reducing the effectiveness of basic and advanced adversaries.
Cyber reconnaissance is designed to equalize the playing field by providing agencies with a high-resolution picture of their cyber landscape from the adversary’s perspective. This picture contains likely weaknesses, vulnerabilities, openings, activity, and nodes that contain risks and anomalous activity. Instead of examining every component of an agency’s internal enterprise, we change the perspective by increasing the volume of data and applying advanced analytics to provide a clearer view of risk, exposure, and malicious opportunity, leading to the discovery of not only the “risk profile,” but also resolution and remediation efforts.
The cyber threat landscape
The cyber threat continues to increase in scale and sophistication at an extraordinary rate. At one time, the most advanced cyber-attack tools and methods were restricted to a small handful of national players; now, more actors than ever, including nation-state actors and organized criminal enterprises, are developing highly skilled resources and capabilities, or acquiring them through an expanding black market for illicit technologies and activities.
In addition to the proliferation of highly skilled threat actors, the technological landscape has evolved to make defense more challenging. Mobile devices have become a ubiquitous part of the enterprise landscape and are becoming a favored target for exploitation. There is a marked increase in the development of exploit capabilities targeting mobile devices and infrastructure, and an accelerating rate of existing cyber threat tools and techniques being ported to mobile infrastructure. At the same time, more enterprises are allowing mobile devices to access a broader spectrum of enterprise applications and systems, including administrative systems providing access to privileged accounts.
Big data, cloud computing, and highly distributed enterprises are also changing the threat landscape significantly, greatly increasing the surface area of an enterprise that attackers can compromise. These large surface areas are difficult to monitor and analyze effectively, leading to substantial blind spots that can be exploited. The increase in big data application and capability also radically changes the potential threat landscape: data is generated and stored at a much faster rate than it can be analyzed, leaving open opportunities for malicious content to hide and maneuver undetected.
The insider threat is also increasing. Whether a disgruntled employee, malicious agent, hacktivist, or lone wolf, the insider threat represents one of the most difficult threats to discover prior to the damage being done. There are many motivations for insider threats, but there are commonalities in how they operate, including a significant reliance on using accounts with elevated privileges to access systems and exfiltrate data. By their nature, privileged accounts have broad access, making discovery of malicious activity much more difficult.
The ever-expanding and evolving threat landscape requires organizations to change the game and take a new approach to effectively defend against our cyber adversaries.