All Cyberattacks Have This in Common


We’re all aware that cybercrime is everywhere. FUD to the max. When things become commonplace, we start to become numb to the news. We are no longer surprised or shocked that these things happen, or who they happen to.

There is no instruction manual for perfect security. All businesses run differently and no product is impenetrable. Plus, humans work at our companies. As much as humans are needed, they are also our greatest weakness. According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involved a human element.

We spend billions on cyber protection, continuing to layer on solutions for each attack vector. Security teams are drowning. But can anyone say, with certainty, they are 100% protected from something no one has seen before? Probably not. And probably not ever. In security, there are no guarantees.

So if we can’t control the actions of our fellow humans and we can’t rely on knowing which attack is going to happen – what is something we can control?

The first step in becoming more secure

One thing is true of all cyberattacks: they require a connection to happen. Multiple stages in the cyber kill chain need a connection to move on to the next stage, or to complete the attack. A “call-home” for instructions. An execution command.

So the first step in becoming more secure is to have complete visibility of every connection traversing the network – both in and out. Zero Trust tells us to assume our network is already compromised, so all connections leaving your network need to be checked too. Every single email click. Every website download. Every single URL a malvertisement script takes you to without your knowing. Every. Single. Connection.

Four things you should know about every connection

After you have total visibility of connections in and out, now the question is: what am I looking for?

There are four things your solution should be able to tell you about a connection in real time for it to be effective.

1) A connection’s origins

Simply pulling up who owns an IP or domain doesn’t tell you the whole story. Yes, company B is legitimate and owns this domain, but it was used by X for numerous exploits 10 years ago. So I’m not going to trust it.

2) The connection’s reputation

So legitimate company A owns that IP right now, but it has been affiliated in the past with company B based in country Y, who has a history of doing bad things. Therefore, I see no reason to let this in until I am convinced otherwise. If there’s no legitimate business reason to access this, I most likely never will.

3) The connection’s behavior

I’m not seeing a problem with the owner or the reputation, but I am seeing behavior indicative of something malicious. Therefore, I don’t trust it.

4) Has it been seen before?

Nothing unknown is to be trusted. If something has never been seen before, it should never be allowed to enter your network.

These four components need to be assessed in real time as connections come in and out of the network. There aren’t many companies that have the vast history needed to know the origins or reputations of connections, but they do exist.
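To make the four checks concrete, here is an added example (not code from the original post or from Intrusion) of a small connection-vetting policy that applies origin, reputation, behavior and seen-before checks to a handful of constructed connection records. All IPs, company names and intelligence tables are hypothetical placeholders; a real deployment would back them with the kind of long-term history the post describes. The behavior check uses a simple beaconing heuristic (near-constant flow intervals and payload sizes), which is one common example of "behavior indicative of something malicious", not the only one.

```python
"""Toy connection-vetting policy: origin, reputation, behavior, seen-before."""
from dataclasses import dataclass
from statistics import mean, pstdev

# --- Constructed intelligence tables (hypothetical; not real IPs or organisations) ---
# Ownership history per destination IP, newest owner first.
OWNERSHIP_HISTORY = {
    "198.51.100.7": ["Company A", "Company B"],   # owned by A now, by B in the past
    "203.0.113.9": ["Company C"],
    "192.0.2.44": ["Company D"],
    "198.51.100.200": ["Company E"],
}
# Organisations with a documented history of abuse (constructed).
DISREPUTABLE_OWNERS = {"Company B"}
# IPs that were used in past exploit campaigns, regardless of current owner (constructed).
EXPLOIT_HISTORY_IPS = {"192.0.2.44"}
# Destinations this network has talked to on previous days (constructed).
KNOWN_DESTINATIONS = {"198.51.100.7", "203.0.113.9", "192.0.2.44"}


@dataclass
class Connection:
    dst_ip: str
    dst_port: int
    direction: str          # "in" or "out"
    timestamps: list        # epoch seconds of each flow to this destination
    bytes_per_flow: list    # payload size of each flow


def check_origin(conn):
    """1) Origin: has this IP itself been used for exploits, whoever owns it today?"""
    if conn.dst_ip in EXPLOIT_HISTORY_IPS:
        return ["origin: IP used in past exploit campaigns"]
    return []


def check_reputation(conn):
    """2) Reputation: any current or past owner with a history of abuse taints the IP."""
    return [f"reputation: affiliated with {owner}"
            for owner in OWNERSHIP_HISTORY.get(conn.dst_ip, [])
            if owner in DISREPUTABLE_OWNERS]


def check_behavior(conn):
    """3) Behavior: regular intervals plus near-constant payload sizes look like beaconing."""
    if len(conn.timestamps) < 4:
        return []                      # too few flows to judge periodicity
    gaps = [b - a for a, b in zip(conn.timestamps, conn.timestamps[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg else 0.0   # coefficient of variation of the gaps
    if cv < 0.1 and len(set(conn.bytes_per_flow)) <= 2:
        return [f"behavior: beacon-like flows every ~{avg:.0f}s"]
    return []


def check_seen_before(conn):
    """4) Seen before: a destination this network has never contacted is untrusted."""
    if conn.dst_ip not in KNOWN_DESTINATIONS:
        return ["unknown: destination never seen before"]
    return []


def evaluate(conn):
    """Run all four checks; any finding blocks the connection (default deny)."""
    reasons = (check_origin(conn) + check_reputation(conn)
               + check_behavior(conn) + check_seen_before(conn))
    return ("BLOCK" if reasons else "ALLOW", reasons)


# Constructed sample connections, one per scenario in the post.
SAMPLE_CONNECTIONS = {
    "clean": Connection("203.0.113.9", 443, "out",
                        [1000, 1035, 1400, 1410, 1900], [820, 14000, 310, 2200, 9800]),
    "past_bad_owner": Connection("198.51.100.7", 443, "out", [1000, 1500], [900, 1200]),
    "old_exploit_ip": Connection("192.0.2.44", 80, "out", [1000], [400]),
    "beacon": Connection("203.0.113.9", 8443, "out",
                         [1000, 1060, 1120, 1180, 1240], [512] * 5),
    "never_seen": Connection("198.51.100.200", 443, "in", [1000], [300]),
}


def vet_all():
    """Decision for every sample connection, keyed by scenario name."""
    return {name: evaluate(conn)[0] for name, conn in SAMPLE_CONNECTIONS.items()}


if __name__ == "__main__":
    for name, conn in SAMPLE_CONNECTIONS.items():
        decision, reasons = evaluate(conn)
        print(f"{name:15} {conn.dst_ip:16} {decision:5} {'; '.join(reasons)}")
```

The policy is deliberately default-deny: a destination passes only when all four checks return nothing, which is the "not to be trusted until convinced otherwise" stance the post takes. Note that the reputation check looks at the full ownership history, not just the current owner, so an IP that is clean today but was once held by a disreputable organisation still gets blocked.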

Knowing the unknown

To safeguard from the unknown, you must know what is unknown. And to do that, you need a lot of history, a lot of intelligence, and some serious tech.

At Intrusion, we focus on one thing: connections. We pair threat intelligence with automated detection and response giving you visibility of every connection entering and exiting your network. With nearly 30 years of history on billions of IPs and domains, we help you see the unseen, and know the unknown.

