INSIGHT: How NZ businesses can break the cyber attack lifecycle

Organisations in New Zealand with adequate security measures can break the six-step attack lifecycle at any stage to protect their network and data, while those that don’t have adequate measures in place are at the mercy of cyber criminals.

“The cyber attack lifecycle refers to the procedure attackers use to infiltrate networks and extract data,” says Gavin Coulthard, manager, engineering, Australia and New Zealand, Palo Alto Networks.

“Organisations need multiple threat prevention capabilities built into security platforms to protect them at every stage of the attack cycle.”

Palo Alto Networks has identified ways to break the cycle at each of the six stages to prevent a successful outcome for the attackers and maintain the integrity of your network:

1. Reconnaissance:

Attackers often use phishing tactics or extract public information from an employee’s social media profile, or from corporate websites. They use this information to craft a request to the target organisation’s staff that looks legitimate enough for them to click on.

The malware that is subsequently downloaded is used to look for network vulnerabilities, services and applications the attackers can exploit.

To break the lifecycle, organisations can use URL filtering to prevent attackers from manipulating social media and website information.

Organisations should continuously inspect the network traffic flow with intrusion and threat prevention technologies to detect and prevent port scans and host sweeps.

2. Weaponisation and delivery:

Attackers use various methods such as embedding intruder code within files or emails, or crafting deliverables around specific interests of individuals.

Organisations can break the cycle with next-generation firewalls. These provide full visibility into all traffic and block all high-risk applications.

Using multiple threat prevention disciplines, including IPS, anti-malware, anti-CnC, DNS monitoring and sinkholing, and file and content blocking, can block known exploits, malware, and inbound command-and-control communications.

3. Exploitation:

Attackers that have gained access to the network could activate the attack code and take control of the target machine.

Endpoint protection technologies can block known and unknown vulnerability exploits. Sandboxing technology can automatically provide global intelligence on malware and threats to prevent follow-up attacks on other organisations.

4. Installation:

Attackers establish privileged operations and a rootkit, escalate privileges, and establish persistence on the organisation’s network.

Organisations can use endpoint protection technologies to prevent local exploitation leading to privilege escalation and password theft.

Next-generation firewalls can establish secure zones with strictly enforced user access control, and provide ongoing monitoring and inspection of traffic between zones.

5. Command and control:

Attackers establish a channel back to a server. This lets data be passed back and forth between infected devices and the server.

There are several ways to break the attack lifecycle in this step. Organisations can block outbound command-and-control communications through anti-CnC signatures.

URL filtering can block outbound communication to known malicious URLs, and malicious outbound communication can be redirected to internal honeypots to identify and block compromised hosts.

6. Actions on the objective:

Attackers manipulate the network for their own purposes. There are many motivations for a cyber attack, including data extraction, destruction of critical infrastructure, and extortion.

Organisations with granular application and user control can enforce file transfer policies to eliminate known archiving and transfer tactics used by hackers. This limits the attacker’s ability to move laterally with tools and scripts.

“Having the right firewall, anti-malware, and endpoint protection can break the cyber attack lifecycle by interrupting any of these six steps,” Coulthard adds.

“Automatic, incremental protections against malicious URLs and command-and-control attacks eliminate the need for expensive manual processes and keep the organisation ahead of the latest attack techniques.”
