Advanced Persistent Threat (APT) groups were once considered a problem that concerned Fortune 100 companies only. However, the threat landscape of recent years tells otherwise—in fact, every organization, regardless of vertical or size, is at risk, whether as a direct target, as a supply-chain stepping stone, or as collateral damage.
The vast majority of security decision-makers acknowledge that they need to address the APT risk with additional security solutions, but they struggle to map APT attack vectors to a clear-cut set of security product capabilities, which impairs their ability to choose the products that would best protect them.
Cynet is now addressing this need with the Definitive RFP Templates for EDR/EPP and APT Protection: an expert-made security requirement list that enables stakeholders to accelerate and optimize their evaluation of candidate products.
These RFP templates aim to capture the widest common denominator of security needs and deliver the essentials that are relevant for any organization.
Thus, using these ready-made templates can save a great deal of time and resources that would otherwise be spent building a similar requirement list from scratch.
APT groups, as the name implies, are highly persistent. In practice, this persistence manifests as the targeting of numerous attack surfaces until a compromise succeeds.
To adequately defend against such attacks, one must be well acquainted with these attack surfaces, as well as with the various vectors attackers use to target them.
“The best analogy is a Ninja warrior with multiple weapons,” says Eyal Gruner, Co-Founder of Cynet, “as an attacker you seek the weak link until you find it—vulnerable endpoint, VPN credentials, networking misconfiguration, insecure DMZ architecture… it’s really endless.”
“But of course, there are vectors that are used more. Some, because they yield better results and some because they are easier to execute. Like any industry, there are common practices you can clearly map out.”
This attack vector map should underpin any cybersecurity purchase. In the long run, an investment in security is measured by its success in preventing cyber-derived damage from occurring.
However, many security decision-makers lack the attacker’s perspective that would enable them to adequately prioritize the capabilities they need their security products to have.
To address this need, Cynet releases the Definitive EDR/EPP and APT Protection RFP templates, to be used as a free resource by organizations that seek protection from advanced threats.
“We took the knowledge we’ve accumulated throughout years of offensive security and attack research,” says Gruner, “and asked ourselves – as attackers, what kind of protection would have strained us to the degree that we might reconsider shifting to another target.”
“It was a fascinating journey for us as well which really forced us to objectively reflect on the pros and cons of a wide attacking tools array.”
This is exactly the missing link in the common security buyer’s knowledge, which makes perfect sense—after all, non-attackers are not expected to master the attackers’ playbook.
These decision-makers, however, know better than anyone else what assets they have and what they need to protect. The Definitive APT Protection RFP can force-multiply the quality of their purchase decisions, ensuring that the products they buy indeed deliver.
The RFP comprises five sections:
- Monitoring & Control—routine activities to gain visibility and proactively discover and reduce attack surfaces.
- Prevention & Detection—mechanisms to thwart the wide array of commodity and advanced attack vectors.
- Investigation & Response—an overall toolset for efficient reaction to detected live attacks.
- Infrastructure (EDR only)—architecture, deployment, data collection and communication.
- Operation—ongoing management of the solution.
“I guess there isn’t an organization that didn’t experience at one time or another buying something shiny that seemed amazing and ended up with little value; we see it all the time,” says Gruner.
“Either it didn’t work or it addressed some esoteric attack vector that looked great in the demo but never happened in real life. The Definitive Guide is meant to prevent this kind of scenario.”