{"id":23373,"date":"2023-11-14T11:27:54","date_gmt":"2023-11-14T19:27:54","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/11\/14\/news-17103\/"},"modified":"2023-11-14T11:27:54","modified_gmt":"2023-11-14T19:27:54","slug":"news-17103","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/11\/14\/news-17103\/","title":{"rendered":"New Active Adversary Defense capabilities with Sophos Firewall, Sophos XDR, and Sophos NDR"},"content":{"rendered":"

Credit to Author: Doug Aamoth| Date: Tue, 14 Nov 2023 10:59:29 +0000<\/strong><\/p>\n

\n

Active adversaries are now a major threat to organizations of all sizes. These highly skilled cybercriminals continue to develop and evolve their techniques in response to superior defenses, executing attacks at scale and employing sophisticated techniques specifically designed to avoid triggering preventative security solutions.<\/p>\n

We are excited to announce the addition of new capabilities to Sophos Firewall, Sophos XDR, and Sophos NDR solutions to further enable organizations to defend against these active adversaries.<\/p>\n

What are active adversaries and how do they operate?<\/h2>\n

\"\"Active adversaries are highly skilled cybercriminals, often equipped with sophisticated software and networking skills, who gain entry into an organization’s systems, evade detection and continuously adapt their techniques<\/strong>, using hands-on keyboard and AI-assisted methods to circumvent preventative security controls and execute their attacks.<\/em><\/p>\n

Organizations need adaptive security controls designed to detect and respond to the approaches commonly used by active adversaries:<\/p>\n

Multi-stage attacks<\/strong>
\"\"<\/strong>Attacks that end in a different place than they started<\/em>
Active adversaries execute attacks that cross multiple domains across the victim\u2019s environment. The full scope of these attacks cannot be detected by a single point product. Organizations need visibility across their entire ecosystems.<\/p>\n

Living off the land attacks
<\/strong>\"\"<\/strong>Attacks that use legitimate tools in malicious ways
<\/em>Preventative security tools are unable to block the use of legitimate IT tools without the risk of causing significant operational disruption. Attackers take advantage of this by using legitimate IT tools like RDP and PowerShell to blend into the background.<\/p>\n

Unknown vulnerabilities
<\/strong>\"\"<\/strong>Attacks that leverage a weakness, flaw, or error in software
<\/em>Attackers exploit zero-day and unpatched vulnerabilities to execute attacks: 65% of ransomware attacks start with an attacker exploiting an unknown vulnerability or logging in using legitimate credentials.<\/p>\n

Credential abuse
<\/strong>\"\"<\/strong>Attacks that start with an adversary logging in instead of breaking in
<\/em>Active adversaries use compromised legitimate user credentials to log in and execute their attacks. Preventative security tools are unable to block or detect until the “user” demonstrates suspicious or malicious behavior.<\/p>\n

\"\"<\/a>Our new Active Adversary Report for Security Practitioners<\/a> highlights key changes in adversary behavior over the last year, including:<\/p>\n