Stormshield Security Solutions For IT/OT: Reinforcing Network Defences In An Interconnected World

Stormshield security solutions encompass network, endpoints and data - image by Gerd Altmann / Pixabay

 

Securing networks at the weakest link is increasingly critical as newer working practices mean activity happens across a broader range of IT environments in and out of the office. Stormshield security solutions for network, endpoints and data take this into account.

SMARTER NETWORKS, SAFER ACCESS

When there are more devices that connect to a company’s core network – desktops and laptops, tablets, smartphones, printers and more – there are more potential points of access for attackers too.

With Stormshield security solutions, organisational security draws on cyber threat intelligence, learning and adapting to changing contexts. Organisations can do more to:

  • Reduce risk from mobility.
  • Protect a more diverse IT estate.
  • Cover requirements for network, endpoints and data.

BY THEIR WORKS, YOU’LL KNOW THEM

Stormshield harnesses tried-and-tested approaches including the MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework.

This creates a comprehensive data repository of cybercriminal tactics and techniques. The dynamic, 14-stage model delivers more granularity.

 

FOR ENHANCED SECURITY

Organisations can proactively improve their cybersecurity posture. And with Stormshield, security operations centre (SOC) operators and solutions professionals can easily associate different alert logs with elements in the repository – improving response efficiency.

Stormshield’s methodology also draws on recognition of the cybercrime ‘kill chain’. This is about identifying and tackling attacks while learning about attacker operating methods and the overall attack surface.

By breaking any link in the ‘kill chain’, organisations can counteract a cyberattack.

  1. Reconnaissance: Choosing the target – company, person, or component – and collecting information: identifying social facets, domains, sub-domains, other IP addresses and vulnerabilities that may be exploited.
  2. Weaponisation: Preparation of tools – such as malware – for an attack.
  3. Delivery: Send the tool – phishing email, infected USB stick, or malware payload – to the location where it can do the most harm.
  4. Exploitation: Activating the exploit through the relevant technical vulnerability, taking control of or damaging the target system.
  5. Installation: Consolidating access to the IT asset over time, for instance installing a back door on an infected machine.
  6. Command and Control: Establish communications between the compromised system and an external control server.
  7. Acting on the objectives: Actions such as data exfiltration or encryption of the electronic asset, as well as moving laterally, for instance to another machine. (Monetisation may follow.)

Both approaches have been merged, combining design science and qualitative research methods to produce an even more granular 18-phase repository for identifying and fighting intrusions and attacks.

ENDPOINT PROTECTION IS CRITICAL

In today’s increasingly online, interconnected world, attack attempts and compromises of the network must be detected as early as possible. Ideally, everyone wants to stop a cyberattack before it reaches the final phase.

Endpoint detection and response (EDR) solutions have long been the go-to first response, now complemented by extended detection and response (XDR) solutions.

These work by aggregating and analysing all the data from an organisation’s infrastructure, from the network itself to the endpoint or terminal. They can:

  • Recognise and detect connection attempts.
  • Identify file downloads.
  • Analyse files in a sandbox to catch exploits.
  • Analyse outgoing network traffic, stopping command-and-control threats.

Stormshield’s approach works both in IT and industrial/OT environments, including with firewalls and intrusion detection offerings, incorporating protocols, ports and the industrial control system.

Learn more about Stormshield security solutions – contact Team QBS.

Email us: sales@qbssoftware.com
Call us: +44 (0) 20 8733 7100