
Tuesday, 09/18/2018 8:19:44 PM

The Art of (Cyber) War: How Adversarial Thinking Strengthens Cybersecurity

https://www.securityweek.com/art-cyber-war-how-adversarial-thinking-strengthens-cybersecurity

Cybersecurity is unique compared to most other business operations, even most IT operations. Unlike marketing or network management—both of which tackle difficult and ever-changing challenges in the business operating environment—cybersecurity pits defenders against intelligent, creative and deliberate opponents.

Hackers are aware that they are actively hunted and thwarted at every step between target scoping and data breach. That means they are applying the full brunt of their ingenuity and technical expertise to avoid cybersecurity defenses as they pursue their goal.

Even though this struggle takes place in cyberspace, the lessons from real battlegrounds retain their relevance and significance. In the ancient military strategy text, Art of War, Sun Tzu makes the point “If you know the enemy and know yourself, you need not fear the results of a hundred battles.”

Cybersecurity teams need to adopt an adversarial mindset that allows them to tackle the unique challenges of cyberspace. This involves clearly understanding what their enemies are capable of and preparing an appropriate response.

Communication and visibility

The most valuable weapon on the battlefield is information about your team and their current state as well as your enemy. “If ignorant both of your enemy and yourself, you are certain to be in peril.” This holds true in reverse as well. Hackers want to know as much about your networks as they possibly can.

The first step in a targeted cyber-attack is recon. By scanning public facing systems, hackers can learn a great deal about an organization’s IT infrastructure, including potential vulnerabilities. Once they have made their way onto the system, a hacker’s first priority is to establish a persistent connection that allows them to maintain visibility into the network they have infiltrated.

As a result, the first priority of a cybersecurity team needs to be cutting off communication between their systems and hackers. This is especially true for botnets or cryptojacking malware in which the main benefit to hackers relies on sustained, two-way connections to the infected devices to leverage their computing power for DDoS attacks or mining cryptocurrency.

It is also important for cybersecurity teams to have visibility into their networks to understand what normal behavior is and what could be driven by hackers. It is easy for hackers to slip onto networks through unmonitored open ports or by infecting third-party devices that have access to internal networks if cybersecurity teams are watching them closely. By developing a strong understanding of the digital assets connected to the corporate network, cybersecurity teams can better protect themselves against threats targeting devices they are not regularly monitoring.

At a higher level, cybersecurity teams need to know the current state of cyberspace, i.e. the latest malware, vulnerabilities and exploits in use by hackers so that they can better protect their systems. Monitoring and installing security patches to the systems they use on a regular basis significantly improves their defenses against these threats. They can also ensure that their malware defenses recognize and stop malware if they are consistently checking for new developments. This is easily achieved by monitoring new research from respected threat research teams or by joining an information sharing group that monitors threats relevant to that team’s industry.

Implement elite training

Cybersecurity skills are a constantly moving target that requires continuous training. Hackers have a lot of bots at their disposal and a lot more IT appliance features they can exploit. Cybersecurity is a multidisciplinary field requiring comprehensive knowledge of computer networks and systems, understanding the differences in IT/security architectures, and, of course, people and social engineering. It is a profession that requires continuous updates and training against the latest tools and techniques.

Militaristic philosophies of train, train, train against realistic opponents are necessary. “Victory usually goes to the army who has better trained officers and men.” By providing exposure to realistic situations that can arise during a cyber-attack, organizations can better prepare their cybersecurity teams to face whatever hackers throw their way, no matter what their previous experience level. Allowing your IT teams to play the roles of attackers and defenders also provides perspective. Red teaming with a multi-layered attack simulation that measures how people, networks, applications and physical security controls can withstand an attack from a real-life adversary is a must. But, it is equally, if not more, important for teams to practice in real-world environments which can be difficult to do.

There is a growing offering in the industry called “Cyber Ranges” that can simulate internet-scale environments to develop elite cybersecurity teams by imitating attacks on IT infrastructures. In these environments, cybersecurity teams can test their defenses against the latest hacker techniques and mimic successful breaches as case studies.

Cybersecurity is a rapidly-moving and evolving field, but the challenges it presents are not insurmountable. By taking some time to understand the enemy and how they work, cybersecurity teams stand a better chance of stopping them. “The supreme art of war is to subdue the enemy without fighting.”

================================================================
Wave keeps hackers from getting on the company/government network! See the links and highlights below for an explanation to 'subdue the enemy without fighting'.
================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.

Token-free, password-free user authentication

We know you’ve dreamt about shredding your list of passwords. Go on and do it.

Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card


