Cyber adversaries need knowledge of your network so they can spread progressively through it, expand control over your IT systems, and ultimately grab your valuable data.
One infected device, the initial breach, is their starting point – but the real damage occurs when an intruder uses lateral movement within the network to discover and steal information.
Lateral movement refers to the various techniques attackers use to progressively assert control over a network as they search for key assets and data.
1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86 percent over 2015 (Gemalto’s Breach Level Index). Verizon’s 2016 Data Breach Investigations Report found that in 93 percent of cases where data was stolen, systems were compromised in minutes or less. Why?
Network perimeters are too complex to guard reliably
Network boundary protection is distributed across diverse environments. Each presents variations in network topology, configuration, systems and endpoints, vendors, and security competency.
Your network boundary protection requires tight standards, disciplined management and monitoring processes, tight change control, and coordination across all your staff and all your vendors, which means that perimeter defense is both difficult to achieve and even harder to sustain. Add BYOD and IoT devices to the picture and the challenge grows further.
Intrusion detection doesn’t accurately discern malicious activity
(but generates alerts that benign behavior is malicious)
IDS/IPS systems and Behavioral Analytics tools watch network traffic to apply rules or data science (AI, ML) to distinguish malicious traffic from normal, benign behavior in the network.
While analytical techniques can alert you to the presence of malicious behavior, they will often alert you that benign behavior appears threatening.
False positives arise because large volumes of network traffic generate masses of data, and a detection system in a complex network cannot be tuned to distinguish malicious from benign activity correctly every time.
Intrusion detection is also after the fact, and the alerts it produces end up consuming incident response hours on work that is largely wasted.
With legacy security products, defending is much more difficult than attacking. The end result is an ever-escalating cost to defend.
Ridgeback takes the fight to the enemy using Interactive Deception and causes the adversary to needlessly exhaust resources. This aggressive strategy results in the cost of attack outweighing the benefits of attack.
— CHANGE —
Present billions of ‘available’ resources
— INFLUENCE —
Use the new battlefield to expose malicious intent
— ELIMINATE —
Expel malicious actors, retain control of your environment.
1. As a first measure of interactive deception, Ridgeback commingles the live resources on your network with what appear to be billions of available IT resources (hardware, services, network resources and so on) that are in fact illusions created by Ridgeback: phantoms.
2. When a compromised device on your network (a resource infected with malware or under the control of an adversary) attempts to map the network, to move laterally or to propagate malicious code, contact with a Ridgeback phantom is a sure thing.
3. Next, if an endpoint in your network tries to scan, connect to or engage resources that exist only as Ridgeback inventions, Ridgeback responds instantly with countermeasures that render that endpoint useless to the adversary.
To use military language, the attack surface is altered, expanded billions-fold, to make the attacker’s job impossible. The exploit is arrested and you stay in control of your systems.
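As an added illustration (not Ridgeback's code, and not a description of how the product works internally), the following Python shows why contact with a phantom is such a high-fidelity signal compared with the traffic-analytics approach discussed above: on a constructed segment, every address that is not a real host is treated as a phantom, a single phantom contact is flagged for investigation, and a source that touches several distinct phantoms gets a containment verdict. The segment, host list, connection log and threshold are all constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed example: on this /24 only four addresses belong to real hosts; every
# other address is presented as a phantom that no legitimate workflow ever contacts.
SEGMENT = ip_network("10.0.0.0/24")
REAL_HOSTS = {"10.0.0.1", "10.0.0.10", "10.0.0.20", "10.0.0.30"}

def is_phantom(addr: str) -> bool:
    """True when addr lies in the decoyed segment but is not one of the real hosts."""
    return ip_address(addr) in SEGMENT and addr not in REAL_HOSTS

def phantom_count() -> int:
    """Number of decoy addresses presented alongside the real hosts."""
    return SEGMENT.num_addresses - len(REAL_HOSTS)

# Constructed connection-attempt records: (timestamp, source, destination, port).
SAMPLE_LOG = [
    ("2024-01-01T09:00:01", "10.0.0.10", "10.0.0.20", 445),  # real to real: benign
    ("2024-01-01T09:00:02", "10.0.0.10", "10.0.0.30", 443),  # real to real: benign
    ("2024-01-01T09:00:03", "10.0.0.20", "10.0.0.5", 445),   # sweep across phantoms
    ("2024-01-01T09:00:03", "10.0.0.20", "10.0.0.6", 445),
    ("2024-01-01T09:00:03", "10.0.0.20", "10.0.0.7", 445),
    ("2024-01-01T09:00:04", "10.0.0.20", "10.0.0.8", 22),
    ("2024-01-01T09:00:09", "10.0.0.30", "10.0.0.99", 80),   # one stray contact
]

def classify(log, sweep_threshold: int = 3) -> dict:
    """Verdict per source host. Any phantom contact is suspicious because phantoms
    have no legitimate users; touching several distinct phantoms looks like a
    network map or worm-style spread and earns the strongest verdict."""
    phantoms_touched = defaultdict(set)
    for _ts, src, dst, _port in log:
        if is_phantom(dst):
            phantoms_touched[src].add(dst)
    verdicts = {}
    for src in {rec[1] for rec in log}:
        n = len(phantoms_touched[src])
        if n >= sweep_threshold:
            verdicts[src] = "contain"      # isolate the endpoint, then investigate
        elif n:
            verdicts[src] = "investigate"  # a single stray contact: confirm before acting
        else:
            verdicts[src] = "clean"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(host, verdict)
```

Because no legitimate client has any reason to reach a phantom, the rule needs no baseline of "normal" traffic to be tuned against, which is the property that keeps its false-positive rate low.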