Hyas Blog | The Secret to Cybersecurity Lies in Interrupting Causation Chains
- Cybersecurity has never been more critical. The frequency and scope of cyberattacks like ransomware and supply-chain attacks are skyrocketing, as are the costs for organizations of all kinds. Those costs can include stolen money, intellectual property and data, as well as lost productivity and sullied reputations.
- In a world where anyone can and will be breached, the best way to implement true business resiliency is to drive the time from infection to detection and remediation as close to zero as possible.
- HYAS has a unique approach to cybersecurity and ultimately business resiliency: analyzing data aggregated from private and commercial sources around the world to identify telltale patterns left by malicious actors, which enables a mapping from what has happened to what is happening and what will happen.
I consider myself a practical optimist. It sounds like a weird combination, but I think it’s necessary to be both in today’s cybersecurity landscape.
Attacks of all kinds are increasing both in frequency and scope. But we’re also starting to see a lot more recognition that critical infrastructure — around the country and around the world — isn’t sufficiently protected. In a world where any organization can and will be breached, we need to make sure that we’re driving true business resiliency to protect critical infrastructure and deal proactively with the constant onslaught of attacks vs. reacting to them.
That’s why I’m proud to lead HYAS, where we’ve developed the industry’s first set of security solutions that can be integrated into a client’s existing security stack to implement business resiliency and ensure that, no matter where or how a bad actor breaches the environment, the organization gets real-time visibility of what’s occurring, early enough in the kill chain to detect and stop it before damage occurs.
Cybersecurity Ventures projects the cost of cybercrime to reach $8 trillion by the end of this year and $10.5 trillion by 2025. Those costs can include everything from stolen funds and lost productivity to destruction of data and reputational harm. And although only the most high-profile attacks tend to make news, cybercriminals target businesses of every size and in every industry.
The financial impact of an attack isn’t the only reason every business needs cybersecurity and business resiliency solutions. The safety of employee and customer data is also at stake. The safety of any data a company shares with other parties, like software vendors and subcontractors, is also at stake. And ultimately, when it comes to critical infrastructure, even human lives could be at stake.
Put simply, we’re all in this together. We all have a responsibility to invest in cybersecurity, for our own sakes and for the greater good.
There are plenty of cybersecurity platforms out there. What makes HYAS different, and why is it the choice for clients large and small, critical infrastructure operators and Fortune 500 companies among them?
I'm glad you asked.
Another Day, Another Attack…
Even just five years ago, ransomware was a concern, but many of us thought of it as a nuisance, not a cataclysmic crisis. Now, ransomware attacks often include data exfiltration, which victimizes targeted organizations twice: Hackers might demand money to decrypt a company’s data and threaten to sell that data on the dark web. And they may keep the data regardless, even once the ransom is paid.
If that sounds like the plot of a Tom Clancy novel, think again. Often, a low-level bad actor may find a compromised password or another backdoor into a network and sell that information to a higher-level criminal organization with the means and wherewithal to deploy fully undetectable malware. At the same time, supply chain attacks are becoming more common by the day. They have been around for a long time, but lately have become especially pernicious. Today’s software often uses hundreds of open-source dependencies, all of which could have vulnerabilities in their code.
In supply chain attacks, the initial target is a trusted third-party vendor, but the hackers’ ultimate targets are that vendor’s end users. That’s what happened to the SolarWinds Corporation, for example, in one of the most notorious supply chain attacks in recent memory. In that case, the breaches went undetected for months before the attacks actually began.
Updating the Chain To Take Back Control
Supply chain attacks, ransomware and even malvertising (which weaponizes Google ads for phishing purposes) are all varieties of ever-more-sophisticated attacks.
The team at HYAS looks at these problems differently than most of our peers. Our solutions layer into a client’s existing security stack and provide the critical visibility into malicious behavior and communication that is the first sign of an intrusion. Hackers typically lurk inside a network for quite some time, doing reconnaissance and fine-tuning their attack.
Put another way, a bad actor plants a spy inside an enterprise — maybe they get in through an email or a USB stick or a compromised password — and then they walk around your enterprise, a process called “lateral movement.” But all the while, the spy is in touch with the bad actor, communicating with adversary “command and control” infrastructure to facilitate, control, and eventually execute the final phases of the attack.
That’s where HYAS comes in.
We maintain GDPR-compliant contracts that enable us to gather a variety of adversary-infrastructure-related data and organize it into a complex graph database. Proprietary algorithms and advanced R&D analysis allow us to build connections within that graph database to construct correlations and combinations between all the data points we see.
So while anyone can detonate a piece of malware, figure out that “xyz[.]com” (a hypothetical example) is a bad domain, and update their allow-and-deny list, HYAS may know that this one piece of data is connected in the graph database to several others, allowing HYAS to update a risk score for everything in the connected chain and ultimately maintain a real-time view of adversary infrastructure. That allows us to stay ahead of bad actors who are constantly changing their command-and-control to fend off anyone working to spoil their attack, and even ahead of advanced Domain Generation Algorithm (DGA) malware.
The correlation between what has happened and what will happen is critical. HYAS not only protects customers, but also allows them to get the information they need to understand the nature of the threats they face, proactively adapt their defenses, or even help take cybercriminals out of the game. For instance, say a hypothetical organization got attacked four times in a month. Even if all four attacks were properly detected and thwarted before damage occurred, knowing whether they were four separate and unrelated attacks, potentially indicative of being caught in a spray-and-pray campaign, or the work of one bad actor group trying multiple different ways to break in, is critical to understanding the nature of the threats and risks that organization is facing. Answering those kinds of questions empowers our clients to take back control — to adapt and move fully forward at the speed of business.
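The idea in the two paragraphs above, sketched as an added example that is not HYAS's proprietary algorithm or code: indicators that share infrastructure form a graph, a confirmed-bad node raises the risk of everything connected to it, and incidents that land in the same connected cluster are likely one campaign. All node names, the incident list and the per-hop decay factor are constructed assumptions.

```python
# Added illustration: constructed data and hypothetical names throughout.
from collections import defaultdict, deque

# Constructed observations linking indicators that share infrastructure
# (domain <-> hosting IP, domain <-> registrant address).
EDGES = [
    ("xyz.example", "ip:198.51.100.7"),
    ("ip:198.51.100.7", "abc.example"),
    ("abc.example", "reg:ops@mail.example"),
    ("reg:ops@mail.example", "def.example"),
    ("ghi.example", "ip:203.0.113.9"),
]

def build_graph(edges):
    """Undirected adjacency map: an edge means 'observed together'."""
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph

def propagate_risk(graph, seed, decay=0.5):
    """Breadth-first walk from a confirmed-bad node; risk decays per hop."""
    risk = {seed: 1.0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        for neighbor in graph[node]:
            if neighbor not in risk:  # first visit is the shortest path
                risk[neighbor] = risk[node] * decay
                queue.append(neighbor)
    return risk

def group_incidents(graph, incidents):
    """Group incidents whose indicators sit in the same connected cluster."""
    groups = defaultdict(list)
    for name, indicator in incidents.items():
        cluster = frozenset(propagate_risk(graph, indicator))
        groups[cluster].append(name)
    return sorted(sorted(g) for g in groups.values())

GRAPH = build_graph(EDGES)
RISK = propagate_risk(GRAPH, "xyz.example")
# Four constructed incidents in one month, each with one observed indicator.
INCIDENTS = {"inc-1": "xyz.example", "inc-2": "def.example",
             "inc-3": "abc.example", "inc-4": "ghi.example"}
CAMPAIGNS = group_incidents(GRAPH, INCIDENTS)

if __name__ == "__main__":
    for node, score in sorted(RISK.items(), key=lambda kv: -kv[1]):
        print(f"{score:.4f}  {node}")
    print(CAMPAIGNS)
```

A plain deny list built from the first incident would hold only `xyz.example`; the graph walk also scores `def.example`, which was never seen in a sample, and shows that three of the four incidents share infrastructure.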
HYAS was named a “hot company” by Cyber Defense Magazine in eight categories: Protective DNS, DNS Security, Threat Intelligence, Security Investigation Platform, Threat Actor Infrastructure Mapping, Cloud Workload Protection, OT Security, and Critical Infrastructure Protection.