Here’s what the Five Eyes say you need to do to uncover threat actors on your network

09.09.2020

by Andrew Loschmann

Australia, Canada, New Zealand, the United Kingdom and the US publish a rare joint cyber security advisory

On Tuesday, September 1st, 2020, something major happened in the cyber security community. The governments of the United States (US), United Kingdom (UK), Canada, New Zealand and Australia released a joint cyber security advisory detailing approaches to uncovering and remediating malicious activity. This is extremely relevant for all businesses and organizations in these countries.

The advisory is important and comes at a critical time when cyber-attacks are on the rise. Despite a recent joint announcement by Canada, the US and the UK on Russian attacks against COVID-19 research and intellectual property, these kinds of publications are relatively rare. The effort invested by these governments in issuing a joint advisory underscores the confidence the authors have in the cyber security techniques it describes, as well as the importance of implementing them.

Behind the report are national security organizations charged with preventing attacks on the government, critical infrastructure, and businesses within their respective nations. They are the authoritative government experts within each country, with access to vast volumes of cyber security intelligence and data, and decades of experience designing, developing, and implementing secure networks.  This includes highly sensitive networks, such as those that handle classified material (you know, the stuff marked ‘TOP SECRET’).

At Field Effect, we are excited about this advisory because it allowed these national security agencies to share some of their sensitive information and intelligence in a form that is accessible to the public. It provides an unbiased collection of expert recommendations, free from commercial spin, and built on data sets available to very few organizations around the world.

Worth noting in the advisory are several high-level strategies as well as some very specific technical measures recommended for implementation.  They include:

  • Identifying attacks through an ability to define what is ‘normal’ on a network, and subsequently spotting user and system behaviours that are inconsistent with this baseline. This is often called anomaly-based threat detection.
  • Given how much data can be present on even the smallest network, it isn’t feasible to review everything that happens or read thousands or millions of alert logs. It is necessary to employ strategies that avoid data overload (sometimes referred to as “alert fatigue”). This can include focusing on known attack patterns to identify telltale signs of attacker movement or persistence in a network.
  • Ensuring that you have detailed visibility of your network to identify vulnerabilities and spot active threats. This means being able to monitor all user accounts for anomalous activity and insecure configuration; having detailed host insight into processes, file storage and the operating system to spot attacker tradecraft; having enough detail from network traffic to spot legacy protocols that could be exploited and attacker communications to your network; and having sufficiently detailed information to spot unnecessary network services, disabled firewalls, and ghost or shadow IT.
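The first two strategies above, a learned baseline with deviations flagged and a known-pattern rule that collapses many raw failures into one alert, can be shown on a handful of authentication records. The script below is an added example written for this post; it is not code from the advisory or from Field Effect. The record layout, the user and host names, the timestamps and the threshold of five accounts are all constructed assumptions.

```python
"""Baseline-and-deviate detection plus a known-pattern rule, run over
constructed authentication records.

Added example for this post; it is not code from the advisory or from
Field Effect. Record layout, user/host names and thresholds are all
constructed assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed "quiet week" records used to learn what is normal:
# (ISO timestamp, user, source host, outcome)
BASELINE_EVENTS = [
    ("2020-08-24T08:05:00", "alice", "ws-alice", "success"),
    ("2020-08-24T13:40:00", "alice", "ws-alice", "success"),
    ("2020-08-25T09:12:00", "alice", "ws-alice", "success"),
    ("2020-08-24T09:02:00", "bob", "ws-bob", "success"),
    ("2020-08-25T17:45:00", "bob", "ws-bob", "success"),
]

# Constructed records from the window under review.
NEW_EVENTS = [
    ("2020-09-01T08:30:00", "alice", "ws-alice", "success"),     # matches baseline
    ("2020-09-01T02:14:00", "alice", "srv-files", "success"),    # new host, odd hour
    ("2020-09-01T09:10:00", "bob", "ws-bob", "success"),         # matches baseline
    ("2020-09-01T03:00:00", "svc-backup", "ws-bob", "success"),  # never seen before
    ("2020-09-01T03:01:00", "alice", "10.0.9.9", "failure"),
    ("2020-09-01T03:01:05", "bob", "10.0.9.9", "failure"),
    ("2020-09-01T03:01:10", "carol", "10.0.9.9", "failure"),
    ("2020-09-01T03:01:15", "dave", "10.0.9.9", "failure"),
    ("2020-09-01T03:01:20", "erin", "10.0.9.9", "failure"),
    ("2020-09-01T03:01:25", "frank", "10.0.9.9", "failure"),
]


def build_baseline(events):
    """Per-user profile of source hosts and logon hours seen in successful logons."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, user, host, outcome in events:
        if outcome != "success":
            continue
        profile[user]["hosts"].add(host)
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profile)


def anomalies(events, profile):
    """Successful logons that fall outside the learned baseline."""
    findings = []
    for ts, user, host, outcome in events:
        if outcome != "success":
            continue
        known = profile.get(user)
        if known is None:
            findings.append((ts, user, "account not seen in baseline"))
            continue
        if host not in known["hosts"]:
            findings.append((ts, user, f"new source host {host}"))
        hour = datetime.fromisoformat(ts).hour
        if hour not in known["hours"]:
            findings.append((ts, user, f"logon at unusual hour {hour:02d}:00"))
    return findings


def failures_across_accounts(events, min_users=5):
    """Known-pattern rule: one source failing against many distinct accounts.

    Instead of raising an alert for every failed logon (noise), raise one
    alert per source that crosses the threshold, with the accounts attached."""
    failed = defaultdict(set)
    for _ts, user, host, outcome in events:
        if outcome == "failure":
            failed[host].add(user)
    return {host: sorted(users) for host, users in failed.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for finding in anomalies(NEW_EVENTS, baseline):
        print("ANOMALY", *finding)
    for host, users in failures_across_accounts(NEW_EVENTS).items():
        print("PATTERN", host, "failed against", len(users), "accounts:", ", ".join(users))
```

Run as-is, the script reports three baseline deviations (a known user from a new host at an unusual hour, and an account never seen during the baseline week) and a single pattern alert for the one source that failed against six accounts, rather than six separate failure alerts. In practice the baseline window should be long enough to cover normal shift patterns, and the profile fields (hosts, hours, and whatever else your telemetry supports) are where the "define what is normal" work actually happens.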

The advisory similarly provides detailed recommendations across host and network systems, as well as best practice recommendations for the level and types of cyber security monitoring for your network. Mitigation advice (the steps to take to prevent an attack) and incident handling best practices are included among the recommendations.

At Field Effect, we’re proud to say we are in full alignment with the recommendations contained within this report. In fact, it is no coincidence that we offer both leading-edge digital forensics and incident response services and a continuous threat detection and vulnerability discovery product: they are highly related, both operationally and in the skills they require. In other words, being able to successfully respond to and recover from an incident depends on the ability to first identify and detect an attacker’s behaviour. The Joint Cybersecurity Advisory recognizes this relationship, and its title, “Technical Approaches to Uncovering and Remediating Malicious Activity”, reflects this concept.

Stay tuned for more detailed breakdowns of the advisory! After all, we love talking about how our combination of experts at your service and our Covalence™ cyber security solution allow you to maintain a network with the same security practices recommended by the world’s leading cyber security agencies.
