How to Make Adversaries Work Harder, While We Work Smarter, in 2018

2018 Should Not Be Another Year Where Attackers Continue to Exploit the Known

It sounds somewhat disheartening, but 2017 may go down in history as “the year of exploiting the known.” From the WannaCry campaign to the Equifax breach to the rise in spam and phishing, attackers succeeded with methods defenders already knew about, and the trend may well continue. Gartner predicts that through 2020, 99% of the vulnerabilities exploited will continue to be ones known to security and IT professionals for at least one year. Meanwhile, Cisco reported mid-way through the year that global spam is on the rise as adversaries return to email – a method we’ve known about for years – to distribute ransomware and malware. The 2017 Verizon Data Breach Investigations Report (VDBIR) corroborates this assessment, finding that social attacks were used in 43% of all breaches and were executed primarily through phishing.

As 2017 winds down, now is the time to take stock and determine how we can do better. Whether that means identifying gaps in our approach to security that need to be filled, or making better use of the capabilities we do have, there’s a lot at our disposal to prevent adversaries from using known methods to steal, disrupt or damage what’s not theirs. Here are three steps to help you reevaluate and make sure your entire security infrastructure is operating more efficiently and effectively. 

1. Inventory. Understand the landscape of the security tools you have. This sounds fairly obvious, but don’t underestimate the level of effort this may take. Most companies have pursued a defense-in-depth strategy – layering defenses so that if one fails, another layer is there to stop the attack. Further complicating the task, different teams and departments may have acquired their own tools over time. If you’re in this group, then it isn’t uncommon to be grappling with 40+ security products and vendors in 40+ silos. Take an inventory of all these different point products and go a step further to understand who across your organization is using them (security operations, networking, threat intelligence, incident response and risk management) and how they are being used. This will help you know if you are taking full advantage of your existing security investments – not just technology, but people too. 

2. Identify. Now you can identify the gaps in your security approach and the capabilities you need to put in place to fill them. The key here is to view security as an overall system in which all the elements – people, processes and technologies – work in concert. Start by looking at each of your teams and whether they are accomplishing what needs to be done. If not, it could be a matter of reprioritizing so that they are focused on what matters most to your organization based on its risk profile. Be mindful that your existing people are essential to your operations and, given the talent shortage, you need to devise ways to get more from the team you have. They must be empowered with the right processes and tools to execute against priorities. Consider automating processes within existing workflows to reduce repetitive or administrative tasks; this frees up analysts to work on more strategic and meaningful aspects of threat defense. Reevaluate any security technologies you haven’t upgraded in the last few years: just as threats continue to evolve, so do the technologies to defend against them.

3. Integrate. Many gaps in security are due to the inability of disparate technologies to share information. Integration is key to getting the most from your technology investments, and here is where a threat intelligence platform (TIP) can help. Not only does a TIP serve as a central repository that aggregates external and internal threat and event data, it also lets you analyze, contextualize and prioritize that data for action. This is particularly useful in determining which vulnerabilities pose the greatest risk and should be patched first. It also enables you to share the right intelligence with the right tools at the right time; in effect, it becomes the glue that integrates the layers of defense. It can automatically send your curated threat intelligence directly to your sensor grid – firewalls, IPS/IDS, routers, endpoint, and web and email security (in the case of spam) – so that all are synchronized and defending together. You can then act quickly on the most relevant threats facing your organization to reduce risk now and in the future.
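The three steps above, worked through as an added Python example that is not from the article or from any ThreatQuotient product: a toy tool inventory grouped by owning team (step 1), a gap check that reports which tools sit in silos and which indicator types no inventoried tool can consume (step 2), and a minimal TIP-style pipeline that merges an external feed with internal sensor sightings, scores each indicator by corroboration and by whether a CVE affects software actually deployed, and routes the highest-priority indicators to every tool that accepts that type (step 3). All tool names, feeds, indicator values, CVE ids and scoring weights are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Tool:
    name: str
    team: str
    accepts: frozenset  # indicator kinds this tool can ingest from the TIP


@dataclass
class Indicator:
    value: str
    kind: str           # "ip", "domain", "cve" or "sender"
    sources: set        # feeds or sensors that reported it
    confidence: int     # 0-100, as supplied by the feed or sensor
    sightings: int = 0  # times an internal sensor observed it


# --- Step 1: inventory (constructed sample estate, grouped by owning team) ---
INVENTORY = [
    Tool("perimeter-firewall", "networking", frozenset({"ip"})),
    Tool("ids", "secops", frozenset({"ip", "domain"})),
    Tool("web-proxy", "networking", frozenset({"domain"})),
    Tool("email-gateway", "messaging", frozenset()),  # deployed but never wired to the TIP
    Tool("vuln-scanner", "risk", frozenset()),        # same: a silo
]


def tools_by_team(tools):
    """Who across the organization owns which product."""
    grouped = defaultdict(list)
    for t in tools:
        grouped[t.team].append(t.name)
    return dict(grouped)


# --- Step 2: identify gaps ---
def silos(tools):
    """Tools that share nothing with the rest of the stack."""
    return [t.name for t in tools if not t.accepts]


def unrouted_kinds(tools, kinds):
    """Indicator kinds no inventoried tool can consume: each is an integration gap."""
    covered = set().union(*(t.accepts for t in tools))
    return sorted(set(kinds) - covered)


# --- Step 3: integrate (constructed external feed and internal sightings) ---
EXTERNAL_FEED = [
    Indicator("203.0.113.7", "ip", {"feed-a"}, 60),
    Indicator("bad.example", "domain", {"feed-a"}, 70),
    Indicator("CVE-0000-0001", "cve", {"feed-b"}, 50),  # placeholder CVE id
    Indicator("CVE-0000-0002", "cve", {"feed-b"}, 50),  # placeholder CVE id
    Indicator("lure@example.net", "sender", {"feed-c"}, 80),
]
INTERNAL_EVENTS = [
    Indicator("203.0.113.7", "ip", {"ids"}, 90, sightings=3),
    Indicator("198.51.100.9", "ip", {"ids"}, 40, sightings=1),
]
# From the asset inventory: CVEs whose affected software is actually deployed here.
EXPOSED_PRODUCTS = {"CVE-0000-0001"}


def aggregate(*feeds):
    """Merge external and internal data into one record per (kind, value)."""
    merged = {}
    for ind in (i for feed in feeds for i in feed):
        key = (ind.kind, ind.value)
        if key in merged:
            cur = merged[key]
            cur.sources |= ind.sources
            cur.confidence = max(cur.confidence, ind.confidence)
            cur.sightings += ind.sightings
        else:  # copy so the source feeds are never mutated
            merged[key] = Indicator(ind.value, ind.kind, set(ind.sources),
                                    ind.confidence, ind.sightings)
    return list(merged.values())


def score(ind, exposed):
    """Contextualize: feed confidence, boosted by our own sightings and by exposure."""
    s = ind.confidence
    if ind.sightings:
        s += 20 * min(ind.sightings, 3)  # corroborated by internal sensors
    if ind.kind == "cve" and ind.value in exposed:
        s += 40                           # affects software we actually run: patch first
    return s


def prioritize(indicators, exposed):
    return sorted(indicators, key=lambda i: score(i, exposed), reverse=True)


def dispatch(indicators, tools, min_score=60, exposed=EXPOSED_PRODUCTS):
    """Route every indicator at or above the threshold to each tool that accepts its kind."""
    routed = defaultdict(list)
    for ind in indicators:
        if score(ind, exposed) < min_score:
            continue
        for t in tools:
            if ind.kind in t.accepts:
                routed[t.name].append(ind.value)
    return dict(routed)


if __name__ == "__main__":
    print("owners:", tools_by_team(INVENTORY))
    print("silos:", silos(INVENTORY))
    print("unrouted:", unrouted_kinds(INVENTORY, {"ip", "domain", "cve", "sender"}))
    ranked = prioritize(aggregate(EXTERNAL_FEED, INTERNAL_EVENTS), EXPOSED_PRODUCTS)
    for ind in ranked:
        print(score(ind, EXPOSED_PRODUCTS), ind.kind, ind.value, sorted(ind.sources))
    print("dispatch:", dispatch(ranked, INVENTORY))
```

Running it shows the point of the third step: the IP seen both in the feed and three times by the IDS outranks everything, the exposed CVE outranks the unexposed one, and the sender indicator and both CVEs never reach a tool because nothing in the inventory accepts those kinds, which is exactly the integration gap step 2 is meant to surface.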

There’s no reason that 2018 should be another year where attackers continue to successfully exploit the known. By taking an inventory of your security landscape, identifying the gaps, and integrating your solutions so that people, processes and technologies are working in concert, you can make adversaries work harder, while you work smarter.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
