Cyber adversaries need knowledge of your network so they can spread progressively through the network to expand control over your IT systems, and ultimately grab your valuable data.
One infected device, the initial breach, is their starting point – but the real damage occurs when an intruder uses lateral movement within the network to discover and steal information.
Lateral movement refers to the various techniques attackers use to progressively assert control over a network as they search for key assets and data.
With 7,125,940 compromised records every day, 296,914 compromised records every hour, 4,949 compromised records every minute and 82 compromised records every second, last year was a monumental year for data breaches (Gemalto). Verizon’s 2016 Data Breach Investigations Report found that in 93 percent of cases where data was stolen, systems were compromised in minutes or less (Verizon). Why?
Protecting the network perimeter perfectly is impossible – networks are too complex.
Network boundary protection is distributed across diverse environments. Each presents variations in network topology, configuration, systems and endpoints, vendors, and security competency. Complex networks, BYOD, IoT, cloud and virtualization are expanding the attack surface, making enterprises more vulnerable to cyber attack.
Your network boundary protection requires tight standards, disciplined management and monitoring processes, tight change control, and coordination across all your staff and all vendors. This means that perimeter defense is both difficult to achieve and even harder to sustain.
Intrusion detection doesn’t accurately discern malicious activity, and all too often generates alerts that benign behavior is malicious.
IDS/IPS systems and behavioral analytics tools watch network traffic and apply rules or data science (AI, ML) to distinguish malicious traffic from normal, benign behavior in the network. However, with more than 250,000 new malware programs introduced every day (Panda Security), detection-based tools and products are unable to stay current with every threat.
While analytical techniques can alert you to the presence of malicious behavior, more than half the time they will alert you that benign behavior is threatening.
False positives result from the fact that large volumes of network traffic generate masses of data, and fine-tuning a detection system in a complex network to be correct at distinguishing malicious from benign activity all the time just isn’t possible.
Intrusion detection is after-the-fact, and consumes incident response man-hours that are largely wasted on false alarms.
With legacy security products, defending is much more difficult than attacking. The end result is an ever-escalating cost to defend.
Ridgeback takes the fight to the enemy using the WORLD’S ONLY INTRUSION EXPULSION SYSTEM that causes the adversary to needlessly exhaust resources and eliminates them from your network in real time.
— CHANGE —
Present billions of ‘available’ resources
— INFLUENCE —
Use the new battlefield to expose malicious intent
— ELIMINATE —
Expel malicious actors, retain control of your environment.
1. As a first measure, Ridgeback commingles all the live resources on your network with what appear to be billions of available IT resources – hardware, services, network resources etc. – but are in fact all illusions created by Ridgeback, i.e. phantoms.
2. When a compromised device on your network (a resource infected with malware or under the control of an adversary) attempts to map the network, to move laterally or to propagate malicious code, contact with a Ridgeback phantom is a sure thing.
3. Next, if an endpoint in your network tries to scan, connect with or engage resources that exist only as Ridgeback inventions, Ridgeback acts back instantly, with counter-measures that render that endpoint useless to the adversary.
To use military language, the attack surface is altered, expanded billions-fold, to make the attacker’s job impossible. The exploit is arrested and you stay in control of your systems.
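The detection logic behind the three steps above, as an added illustration written for this page and not Ridgeback's own code: phantom addresses are interleaved with the real hosts, and any endpoint that contacts a phantom is flagged, since no legitimate workflow knows the phantoms exist. The subnet, host list, flow records and the "three distinct phantoms means enumeration" threshold are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress

# Constructed example: a /24 in which four hosts are real and every other
# address is a phantom (the gateway 10.0.0.1 is excluded from both sets).
REAL_HOSTS = {"10.0.0.5", "10.0.0.6", "10.0.0.20", "10.0.0.21"}
PHANTOMS = ({str(ip) for ip in ipaddress.ip_network("10.0.0.0/24").hosts()}
            - REAL_HOSTS - {"10.0.0.1"})

# Constructed flow records in the form "src dst dport" (hypothetical data).
FLOWS = """\
10.0.0.5 10.0.0.6 445
10.0.0.5 10.0.0.20 443
10.0.0.21 10.0.0.7 445
10.0.0.21 10.0.0.8 445
10.0.0.21 10.0.0.9 445
10.0.0.21 10.0.0.6 445
10.0.0.20 10.0.0.5 22
10.0.0.6 10.0.0.50 3389
"""

SCAN_THRESHOLD = 3  # assumed: this many distinct phantoms looks like enumeration


@dataclass
class Verdict:
    phantoms_touched: set = field(default_factory=set)
    real_touched: set = field(default_factory=set)

    @property
    def suspicious(self) -> bool:
        # A single phantom contact is enough: nothing legitimate targets them.
        return bool(self.phantoms_touched)

    @property
    def scanning(self) -> bool:
        return len(self.phantoms_touched) >= SCAN_THRESHOLD


def parse_flows(text):
    for line in text.splitlines():
        if line.strip():
            src, dst, dport = line.split()
            yield src, dst, int(dport)


def analyse(flows, phantoms):
    verdicts = defaultdict(Verdict)
    for src, dst, _dport in flows:
        target = verdicts[src].phantoms_touched if dst in phantoms else verdicts[src].real_touched
        target.add(dst)
    return dict(verdicts)


def endpoints_to_isolate(verdicts):
    # Sources that touched any phantom are candidates for containment.
    return sorted(src for src, v in verdicts.items() if v.suspicious)
```

Traffic between real hosts is never flagged, so the rate of benign alerts does not grow with traffic volume the way signature- or anomaly-based detection does.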