The cybersecurity war is fought on the endpoint. And, unfortunately, the endpoint is becoming more vulnerable. Attacks exploiting zero-day vulnerabilities more than doubled last year. Cybercriminals are becoming more sophisticated and are using more refined techniques like spear phishing, which cost one American corporation $100 million. If that wasn’t enough to deal with, ransomware is quickly becoming a popular and lucrative business model for criminal syndicates.
Meanwhile, the battlefield is only growing larger. The range of endpoints that need to be protected is expanding. No longer confined to critical servers, vulnerable endpoints now include mobile devices, point of sale (PoS) systems, ATMs and industrial control systems.
Furthermore, enterprise endpoints now encompass platforms such as laptops that move between networks, as well as point of sale systems and kiosks that have limited CPU and memory capacity. On these platforms, continuously detecting change can be difficult to manage and time-consuming to maintain.
Now more than ever, it’s important to understand the cybercrime playing field in order to effectively protect and defend against these threats. Attacks can be classified into three types: commodity attacks, targeted attacks and advanced persistent threats. Commodity attacks make up 80% of all reported attacks. These attacks are executed with simple, easy-to-use, widely available tools. The goal is to exploit, for financial gain, organizations that haven’t invested in basic security controls.
Targeted attacks are 19.99% of the total. In this type of attack, your organization is singled out, and the attacker has a specific interest in your business or your intellectual property. These attacks take time and planning, sometimes months, to lay the groundwork and prepare. Attackers may still use commodity techniques to probe the systems in your organization, looking for the best path to exploit, but their methods are specifically tailored to your infrastructure, processes and personnel.
The remaining type of attack is the Advanced Persistent Threat (APT), which accounts for only about 0.01% of all attacks. It is a set of stealthy and continuous computer hacking processes, often targeting a specific entity or organization for business or political reasons. The end game is usually information – specifically, items that could compromise or financially hurt an organization: trade secrets, classified government information, healthcare data and personally identifiable information.
Fortunately, practicing basic security hygiene will help you detect commodity and targeted attacks, protecting you from 99% of attacks. Adding detection capabilities to your security operations – things like monitoring the state of a system and detecting changes in real time, baselining that state and detecting changes against that baseline, and evaluating that state against published standards – allows you to see evidence of an attack.
To address these problems and make it possible to employ and maintain good security hygiene on a wide variety of enterprise endpoints, Tripwire has released Tripwire Enterprise 8.5, built to run on the firm’s new secure, scalable and extensible platform, Tripwire Axon.
Part of the Axon platform is the Axon agent. It is compiled natively for the platform it is deployed on, allowing you to deploy Axon across a variety of platforms, including servers, desktops, laptops, point of sale systems, ATMs and others. The Axon agent is also lightweight and efficient, consuming fewer device and network resources. It allows you to extend basic security hygiene to more of your assets, protecting your environment from 99.9% of attacks.
If you want to find out more about Tripwire Enterprise 8.5 with the Axon Agent, we will have experts to speak to in our booth at Black Hat.