Light Dark
June 16, 2017 By Domenico Raguseo 2 min read
Intelligence & Analytics
Data Protection
Incident Response

The most common cyberattacks tend to follow the same pattern: An employee receives a fraudulent email and unwittingly exploits a vulnerability upon opening a malicious attachment, exposing sensitive data. Of course, there are countless variations — an unknown vulnerability, encrypted or exfiltrated data, a malware-laden hyperlink — and each one could result in a serious security incident. Implementing specific security controls could mitigate a given risk, but is it enough to protect an organization from the wider threat landscape?

Breaking Down the Security Immune System

IBM defines cyberdefense as a security immune system that depends not on a single solution, but on an integrated set of complimentary controls to protect data. Below are some examples of various security professionals, controls and solutions working together to improve a network’s overall security posture:

  • If data is backed up, the need to pay for its safe return is reduced in the event of a ransomware attack such as WannaCry. The same goes for vulnerabilities — while it’s critical to apply a patch as quickly as possible, one is not always immediately available. Backing up systems and data is the only way to protect against the ransoms and downtime that may be associated with unpatched flaws.
  • Preventing and detecting security incidents is important, but the effectiveness of your security program depends on your incident response capabilities. Remediation efforts must be potent and compliant with all applicable regulations.
  • Although they are not typically classified as such, physical events, or events observed with unstructured data, can occasionally alert administrators to security incident.
  • Mobile device management (MDM) administrators are rarely strong security experts. The more threat intelligence these professionals have at their disposal, the more effectively they can remediate potential vulnerabilities.
  • Finally, it’s critical to apply security controls to all data integrated within a security information and event management (SIEM) solution. That way, analysts can nip threats in the bud before they damage the network.

Evolving With the Volatile Threat Landscape

These are just a few examples, but a strong security program requires much more extensive integration of solutions. Furthermore, the security controls required to protect sensitive data will vary by industry, especially given the growing number of regulatory frameworks governing data privacy throughout the world.

Therefore, in addition to stopping threats in real time, an effective security immune system must be fluid, flexible and streamlined. Most importantly, it must be able to evolve in response to shifts in the increasingly volatile threat landscape.

Download the security immune system brochure to learn more

 |  |  |  |  | 
Domenico Raguseo
Technical Sales and Solutions Leader in Europe, IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature