by Scott M. Lewis
There are other pre-attack signs you need to be aware of that can help determine whether you have been compromised before the attack itself. Many times, if you are going to fall victim to an attack, the threat actors have already penetrated your network, whether through an open port on your firewall, an RDP session, a compromised remote user, customer, or vendor, an end-user mistake, or, most commonly, email. However, don’t rely on the current security standards alone to protect you and secure your business. Defensive artificial intelligence must be part of the thought process in countering offensive artificial intelligence attacks, identifying virus artifacts and virus behavior before they launch. Some of the other things to watch for and be proactive in blocking are:
- Lateral movement: once a system or network has been compromised, the threat actor looks for a way to move around the network, exploring the possibility of copying data to a centralized location for offloading. All of these actions leave artifacts that can be tracked; there is always something left behind, but in many cases, unless you are specifically looking for these artifacts, they will go undetected.
- Stopping lateral movement on your network takes many steps. It starts with ensuring that users don’t have access to things on the network that do not directly relate to their job role; be as restrictive as you can with user permissions and access.
- Whitelist caution: when you allow free accounts, personal accounts, and websites that are not related to running your business, each of these can be an avenue to your system being compromised, regardless of the security processes you have in place. In today’s world, with the growing use of offensive AI, whitelisting such sites or using company networks and resources for personal use should be treated as highly risky. Another key is to limit the country codes you allow users to browse or receive emails from; if you don’t do business in China, block that traffic.
- Endpoint security: traditional anti-virus is not enough. A new generation of anti-virus is on the market, such as SentinelOne, which has lateral movement protections, SMB protections, and the ability to roll back workstations and laptops to the last known good configuration. These functions are must-haves in the battle of artificial intelligence.
- Strong password management and multifactor authentication (MFA): MFA comes in many flavors. DUO is one of the leading MFA providers; it works with Office 365 and Software as a Service (SaaS) programs, and it protects users working locally or remotely. Passwords should be no less than 12 characters, alphanumeric with special characters; however, if you are using MFA, once these are set, the industry standard says you don’t need routine password changes again.
- SMB attacks are difficult to detect and track unless you are specifically looking for that traffic on your network. SMB stands for Server Message Block; it primarily operates at the application and presentation layers of the network, but it depends on the TCP/IP layers and the NetBIOS layer to operate correctly. SMB allows your workstation to communicate with servers and other network resources; this layer is what lets you share documents and connect to a remote machine.
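The lateral-movement and SMB points above both come down to the same artifact: a network logon that nobody was looking for. The following PowerShell is an added example (not code from the article or from any of the vendors it names) that reads the Windows Security log on one host and summarizes successful network logons (Event ID 4624, Logon Type 3), which is what SMB sessions, mapped drives and remote admin tools produce. It assumes logon auditing is enabled and an elevated session; the `$LookbackHours` and `$Threshold` values are tuning knobs chosen for illustration.

```powershell
# Added example (not from the article): summarize network logons on a Windows host
# to surface the kind of artifact lateral movement leaves behind. SMB sessions,
# remote admin tools and mapped drives all appear as Event ID 4624, Logon Type 3.
# Run in an elevated session; assumes Security-log logon auditing is enabled.
# $LookbackHours and $Threshold are illustrative tuning values, not from the article.

function Get-NetworkLogonSummary {
    param(
        [int]$LookbackHours = 24,   # how far back to read the Security log
        [int]$Threshold     = 5     # distinct source hosts per account before we flag it
    )
    $since  = (Get-Date).AddHours(-$LookbackHours)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4624            # successful logon
        StartTime = $since
    } -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # Pull the named EventData fields out of the event XML
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        if ($d['LogonType'] -ne '3') { continue }                 # network logons only
        if ($d['TargetUserName'] -like '*$') { continue }         # skip machine accounts
        if ($d['TargetUserName'] -eq 'ANONYMOUS LOGON') { continue }

        [pscustomobject]@{
            Time        = $e.TimeCreated
            User        = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
            SourceIP    = $d['IpAddress']
            Workstation = $d['WorkstationName']
            AuthPackage = $d['AuthenticationPackageName']
        }
    }

    # One account arriving over the network from many different hosts in a short
    # window is the pattern worth a second look; ordinary users rarely do that.
    $rows | Group-Object User | ForEach-Object {
        $sources = @($_.Group.SourceIP | Sort-Object -Unique)
        [pscustomobject]@{
            User            = $_.Name
            Logons          = $_.Count
            DistinctSources = $sources.Count
            Sources         = ($sources -join ', ')
            Flag            = ($sources.Count -ge $Threshold)
        }
    } | Sort-Object DistinctSources -Descending
}

Get-NetworkLogonSummary -LookbackHours 24 -Threshold 5 | Format-Table -AutoSize
```

Run it on a file server or a domain controller first, where network logons are expected and the baseline is easy to read; a row flagged on an ordinary workstation, where almost nobody should be logging on over the network, is the case that deserves follow-up. The same query run centrally against forwarded logs is what the managed providers named later in the article automate.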
How do you prevent an SMB attack?
The first thing to do is replace SMB1 with SMB 3.1.1 or higher. A firewall with advanced controls, like Cisco Firepower, can limit outbound SMB destinations, ensuring that end users are not reaching known hacker-related sites. Microsoft has also implemented UNC hardening, a method that forces SMB to use user-based or policy-defined security requirements rather than server-defined security measures.
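The three steps above (retire SMB1, restrict where SMB may go, and turn on UNC hardening) can all be checked and applied from PowerShell on a single Windows host. This is an added example, not code from the article or from Microsoft; the cmdlets and the `HardenedPaths` registry key are the documented Microsoft ones, while the list of hardened UNC paths and the outbound firewall rule are assumptions you would adapt to your own shares and network.

```powershell
# Added example (not from the article): audit and harden SMB on one Windows host.
# Run in an elevated session on Windows 10 / Server 2016 or later. The cmdlets and
# the HardenedPaths registry key are Microsoft's; the share list and the firewall
# rule are illustrative assumptions to adapt to your environment.

function Get-SmbPosture {
    # Snapshot of where this host stands before and after hardening
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        Smb1Enabled           = $server.EnableSMB1Protocol
        Smb2Enabled           = $server.EnableSMB2Protocol
        ServerSigningRequired = $server.RequireSecuritySignature
        ClientSigningRequired = $client.RequireSecuritySignature
        EncryptData           = $server.EncryptData
        # Dialects of live sessions; anything below 3.x is a client to chase down
        ActiveDialects        = (Get-SmbConnection | Select-Object -ExpandProperty Dialect -Unique) -join ', '
    }
}

function Set-SmbHardening {
    # 1. Retire SMB1 on both the server and client side; modern peers negotiate 3.x.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # On Windows Server use: Remove-WindowsFeature FS-SMB1
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null

    # 2. Require signing in both directions and encrypt what this host serves
    Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -Force

    # 3. UNC hardening: the client insists on mutual authentication and integrity
    #    for these paths instead of accepting whatever the server offers.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $paths = @('\\*\NETLOGON', '\\*\SYSVOL')   # assumption: add your own file shares here
    foreach ($p in $paths) {
        New-ItemProperty -Path $key -Name $p -PropertyType String -Force `
            -Value 'RequireMutualAuthentication=1, RequireIntegrity=1' | Out-Null
    }

    # 4. Host-level backstop for the firewall point: no SMB to the internet from here.
    #    Rule name is illustrative; the edge firewall remains the primary control.
    New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet' -Direction Outbound `
        -Protocol TCP -RemotePort 445 -RemoteAddress Internet -Action Block | Out-Null
}

Get-SmbPosture          # review the current state
Set-SmbHardening        # apply the changes
Get-SmbPosture          # confirm; a reboot is needed before the SMB1 feature removal takes effect
```

Check `ActiveDialects` on file servers for a few days before forcing the change; any device still negotiating SMB 1.x (old printers and scanners are the usual culprits) will lose access once the server side is disabled, which is the right outcome but one you want to schedule rather than discover.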
I have covered a lot so far, but the big question is, what can we do to protect ourselves with what we know now? I must admit that I’ve been struggling with that question myself; it just seems like a daunting task that will never end. It’s not; there is too much money involved with ransomware and other system attacks, it will never end, and it will only continue to become harder to detect and recover from. The damage they are willing to do now is just mind-blowing. The fact of the matter is that it is much harder to be in the defensive position than in the offensive position. In the defensive position, you must be able to anticipate what you don’t know is coming, learn quickly, and put countermeasures in place at a moment’s notice. You also must have a complete recovery process in place if all else fails; included in that recovery process are the funds available to pay the threat actor if required.
With defensive AI, the system you choose does matter; most systems will do a great job of protecting you against known threats. However, to predict human behavior, you must have something with the logic to analyze and normalize your historical traffic, then apply a process to identify activities that fall outside the normalized patterns of your users and company. This type of learning and analysis typically operates at a much higher device level than you find in traditional antivirus software.
2022 has forced me to do a lot of research on artificial intelligence and the different providers out there, and there are so many good ones, so make sure you do your research. However, Winning Technologies has focused on three providers that can cover small and large businesses based on their specific needs and requirements. In no order, Arctic Wolf, Darktrace, and Mantix4 are all leaders in the cybersecurity artificial intelligence defensive market for small to large businesses. On the surface, it seems they are all very similar and have similar characteristics. However, based on your company’s needs and your current security culture and status, each one of these providers offers a comprehensive solution that will improve your security posture and provide the expertise required for oversight, reporting, prevention, and recovery within your security model.
Having been in the technology business for more than 40 years and having designed over 2000 systems, small and large, performed over 500 technology audits, and managed tens of thousands of users, I thought there wasn’t much I hadn’t seen or been exposed to in my long career. However, the technology around attack artificial intelligence on businesses is an incredible new frontier catching businesses and IT professionals off guard and unprepared. Firewalls, anti-virus, and other traditional security measures, including multi-factor, are no match for attack artificial intelligence. It is time for us to evolve and change our thinking about where, who, and what the threats are, and to accept that a simple VPN is not enough to protect us any longer. It will take building a culture of security within your business by expanding how we train end users to protect our businesses; all the traditional stuff still applies. Still, the combination and layering of these approaches must be accomplished and expanded, including budgets for security.
Scott Lewis is the president and CEO of Winning Technologies Group of Companies, which includes Liberty One Software. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author. He has worked with businesses to empower them to use technology to improve work processes, increase productivity and reduce costs. Winning Technologies’ goal is to work with companies on the selection, implementation, management and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or by calling 877-379-8279.