The cybersecurity market is due for a rebalance of power and shift in focus. For far too long, adversaries have had a time and visibility advantage over defenders.
No wonder we’ve arrived at the place in the story where breaches are inevitable… ‘it’s not a matter of if but when’. When a breach is inevitable, detecting the breach as quickly as possible becomes the goal.
But should it be?
Here are my questions:
- Why has faster threat detection and response become the goal?
- Why isn’t adversary deterrence the goal?
- How did we get here?
At Opora, we believe we got here based on a misguided operating principle – one that drives most of the cybersecurity industry. The principle is that studying the weapons that threat actors use to attack us is the best way to defend ourselves. But this fails to address the fact that such study happens ‘after the fact’, after the damage is done.
The principle that studying the weapons a threat actor uses gives us all we need to defend our organizations, supply chains, and customers is false. This ‘big lie’ continues to escalate risk.
Working with our customers, what we’ve discovered is that on average:
- 70% of an adversary’s attack infrastructure is not known by the cybersecurity community
- 30 days of exposure to hidden attack infrastructure is common
- < 5 persistent adversaries are responsible for 40% of security events
No question… there is value in collecting, studying, and sharing post-attack IOCs. However, a sole reliance on this approach puts us at a time and visibility disadvantage to our adversaries… stuck within an endless and reactive cycle. As long as this post-attack, weapons-focused guiding principle remains, adversaries will continue to retain their advantage without deterrence.
CISOs and their teams need to know more than what an IOC can tell them on its own, and they need to know in time to do something about it. Specifically, they need to know when adversaries are preparing to attack, when they’re building an arsenal that targets their organization, their subsidiaries, their customers, and suppliers, and what that arsenal comprises – in its entirety.
This level of preemptive visibility can, and will, deter persistent adversaries.
This is our mission at Opora. Our platform gives CISOs and their teams measurable visibility into when their organization is at risk, which aspects of their extended enterprise are at risk, by whom, and how. By integrating Opora into their firewalls and proxies, SOC teams can immediately preempt attacks – prior to initial access and execution.
Our integration with SIEMs, firewalls, SOARs, and Secure Email Gateways (SEGs) enables rapid detection of persistent attacks that other solutions miss and then issues commands to block active connections to attack infrastructure.
Once your persistent adversaries discover they no longer have the edge they once had, they will move on. In fact, our cloud-based platform delivers a measurable advantage – in time and in visibility – over your persistent adversaries.
It’s time for the story of the uncontested adversary to end, and we’re here for it.