Advanced malware is no longer the most dangerous enemy in the world of advanced threats. Instead, the new enemy is the attack campaign — a series of hidden events engineered to create chaos.
This is according to Arbor Network’s territory manager for Sub-Saharan Africa, Bryan Hamman, who says, “The new enemy is human orientated. Traditionally, infrastructure has been built to detect and respond to singular security events. However, these are unable to ‘connect the dots’ of network activity to uncover true threat context fast enough or with enough detail to take action.
“An attack campaign is not just an opportunistic attack aiming to compromise an endpoint, but rather a deliberately focused effort with a specific motive and mission, with the intention to persevere until the campaign’s successful conclusion. For example, an advanced persistent threat (APT) is a network attack in which an unauthorised person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organisation.”
Hamman says Arbor Spectrum is a new approach to finding and hunting down hidden advanced threats, and has been designed specifically for security teams. “Spectrum allows anyone in the security team, from the most senior responder to novice analysts, to search the entire network to uncover, investigate and prove sophisticated attack campaigns within minutes, not hours or days. This is in contrast to the average of 200 days that it usually takes to identify a hidden serious threat within the network.”
Hamman says that using Spectrum is like having a detective installed on your network. He clarifies, “Spectrum is not a security information and event management (SIEM) tool; rather, its presence complements the SIEM tool and helps you find threats a lot quicker. With SIEM tools, we get around 80 percent false positives. This means that these alerts take investigative time for many incidents that are later proven not to be an attack, while true threats hide within the noise and successfully explore your network at will.”
Hamman outlines the benefits of using Spectrum as including the following:
· Investigate 10x faster than with traditional forensics or SIEM
o Smart workflows and search capabilities to validate threats
o Complete view into threat indicators of all entities, inside and outside the network
· Scalable real-time packet and flow analysis to find present and past threat activity
o Unprecedented visibility and performance of flow and packet analysis
o Interactive Zoom/Pivot
o Accessible PCAP
o Search into all network conversations (days, weeks, months)
· Detect and connect threat conversations across the entire network, from the Internet to the internal network
o ATLAS Intelligence Indicators
o Custom, third party intelligence
Hamman concludes, “Many companies are putting up firewalls, but what about the internal threats to your network – those that emanate with people themselves through flash drives, e-mails, Excel folders and so on? Hidden threats can be internal, not just external. Mirai was a phishing e-mail, which bypassed all the firewalls. Today, malware is being overtaken by social media and, in the face of the human element playing an increasing role in attacks, you need a network ‘detective’ to combat this.
“That’s where Spectrum steps in: with unprecedented internal visibility, it finds your threats and alerts you to the problem. However, it does not fix it – for that you use different tools, such as Netscout InfiniStream Appliances. Spectrum allows you to see and search the entire network in real time; visualise attacks; contextualise intelligence; and ultimately neutralise threats.”
For more information about Arbor in Africa, please contact Bryan Hamman at firstname.lastname@example.org.