Red Teams and Pen Testing aren’t Enough

You now live in a world where hackers break through your prevention systems with ease, abuse your trusted tools, and closely mimic your legit user behavior — every second of every day. Prevention tools are never enough to stop all cyber attacks. For many organizations, malicious activity can go unseen; cybercriminals can often lurk for months, or even years, before they are noticed, such as the infamous 2016 DNC hack attributed to APT28 and APT29.

According to research from Ponemon Institute & SANS (June 2019), the mean time to detect (MTTD) a breach is 197 days — over half a year.

What does a long MTTD mean for your organization? Equifax would tell you it could cost a major loss of customer trust. The karaoke-style video messaging app, Dubsmash, would tell you that a long MTTD could cost the data theft of nearly 162 million user accounts that could later be sold on the DarkWeb for a mere 0.549 BTC ($1,976). Canadian financial institution Desjardins Group would tell you it could cost you over $53 million in a year-long post-breach recovery. Starwood Marriott would tell you it could cost you millions in fines.

According to research by Ponemon Institute, just under 30 percent of global organizations are likely to suffer at least one breach over the next 24 months. Breach recovery is long and costly. US organizations face the highest in breach recovery costs with an average of $8.19 million; UK organizations face average breach recovery costs over $3 million. Ponemon Institute also sees these numbers rising 12 percent over the next five years.

However, cybercrime isn’t the only thing on the rise. We also live in a world where breakthrough advances in Artificial Intelligence, GANs, Deep RL, and Explainability make a new solution possible:

CyCraft’s Health Check brings our customer’s MTTD down from 197 days to under 1 day without false positives or false negatives.

How can CyCraft’s Health Check reduce MTTD by 99 percent?

Simply put, our true full forensic detection can detect what others can’t in a fraction of the time.

Our proprietary automated forensics gets smarter and faster with every analyst action. This new autonomous forensic style of analyzing data has learned to do what an investigator does and more. Our proprietary algorithms are a unique ensemble blend of multiple algorithms, such as adversarial, deep, reinforcement, and online learning. We also look heavily at behavioral detection, which helped us outperform competitors detecting certain adversarial tactics and techniques during our simulation of APT3 — the adversary of the first round of MITRE ATT&CK evaluations.

CyCraft’s Health Check is fundamentally new technology with new results. You use a red team assessment to judge how well your incident response (IR) is, a penetration test to discover vulnerabilities, and a vulnerability assessment to assess easily overlooked risks such as default passwords or non-updated patches. However, none of these are capable of telling you what is happening and where it is happening on your network right now at this very instant. The CyCraft Health Check can. Although all of these are valuable services, if you had to order them based on urgency, Health Check would come first.

While red teams approach your system from a hacker’s perspective, they can’t tell you if hackers are already inside, unless they happen to travel some of the same routes. It is possible that the red team could exploit the same vulnerability the cybercriminals did, but why roll the dice with your organization? We’re not directly testing your incident response procedure; we’re here to tell you if your system has been compromised, where it’s compromised, why it got compromised, how badly, and what needs to be done next. Red team assessments only tell you what they themselves have done to your system; we tell you everything that has happened.

Pen testing and vulnerability assessments are focused on locating vulnerabilities, such as misconfigurations or unpatched services. While closing those holes is crucial and can prevent further attacks, they can’t tell you if cybercriminals have already set up a command and control server with multiple access points after they abused those vulnerabilities. These assessments only check the “outer skin” of your system; we check the skin and all the internal organs.

Preparing for theoretical attacks is important, but they take resources and time to implement. Why not spend those resources on learning what is really happening on your system right now, not just the theoretical attacks? Why not spend less time doing it? We know you’re busy. We’ll take less than a day.

However, speed isn’t everything. One hundred percent confidence in your cybersecurity situation only comes from rigorous digital forensic investigations. CyCraft has made a name for itself with its performance with due diligence digital forensic investigations. We’re thorough.

By examining from all contexts, we collect the full set of necessary forensic evidence.

  • Isolated Artifact Context — We examine individual files, processes, executions, and connections on each endpoint.
  • Endpoint Context — We examine the entire forensic picture of each endpoint.
  • Network Context — We examine all of the cross-site forensic data.
  • Global Threat Context — Our proprietary threat intelligence enriches each examination and cross-checks with up-to-date intel on known threat actors.

True full forensic detection means getting the full MRI-like view of your system. X-rays may go beneath the surface, but an MRI goes beyond and gives you the full picture. None of our competitors offer true full detection from all contexts; they’re offering you an X-ray. None can provide the true full forensic view that CyCraft can.

Remember, CyCraft’s Health Check is fundamentally new technology. While other cybersecurity solutions such as EDR, AV, or SIEM are still essential pieces of the puzzle that every organization should have, individually, they cannot offer the true full forensic detection view that CyCraft’s Health Check offers.

EDR is endpoint-based and not network focused; therefore, when EDR vendors mention “root cause detection,” it’s in terms of the endpoint and not the true root cause of the entire organization. AV solutions are more prevention-focused and miss a lot of stealth techniques. SIEM does have a torrent of data coming in, but it isn’t necessarily the data you need.

One of the many unique features of CyCraft’s Health Check is the attack storyline. In less than 24 hours, our proprietary technology traces malware back to its true global root cause, giving your security experts a true full forensic view of your organization. The attack storyline not only shows the current damage on your system but also meticulously traces the damage event by event back to the initial root cause where it first contaminated your system.

The attack storyline is only one of many features provided to you in our Health Check to give a true full forensic view of your system.

What does a true, full forensic view look like?

Know your cybersecurity situation with complete confidence. Upon receiving our fully actionable report, our expert security analysts will explain to your desired specificity what needs to be done to get you back to healthy ASAP.

Your digital forensic report could include full storylines of any and all malicious activity, in-depth malware analysis, malicious domains and IPs you need to be aware of, suspicious user accounts, graphs of all affected nodes and executions, true global root analysis, and more. We even offer IR services to help you on your road to 100 percent recovery.

“I think IT security services should be like remote medical services. When your computer gets sick, you go to the Internet, let an AI engine scan all potential causes, and have an online doctor diagnose the illness.”

Jeremy “Birdman” Chiu, CyCraft Founder and CTO

What are the benefits of CyCraft’s Health Check?

CyCraft’s Health Check gives you freedom from data exfiltration, ransom and malware outbreaks, deep hacker infiltration, endless SIEM querying, fines and recovery costs, and much more:

  • Catch existing threats and stop the current damage. There may be threats lurking in your system that are already causing significant damage or are on the verge.
  • Prevent future damage. Catch less-developed threats earlier before they do even more damage, become noticed by others, or trigger a business altering incident.
  • Follow up on suspicions, so you don’t have any doubts. You can know for sure about each suspicion.
  • Perhaps someone in IT or security in your organization has seen some questionable behavior and would like an expert opinion or a second opinion.
  • Locate your current weaknesses, so you can eliminate them and improve your security hygiene.
  • Locate any lax, odd, poor security behavior or IT hygiene (connections or users moving where they shouldn’t, software where it shouldn’t be, an OS that shouldn’t be there, etc.) that could potentially be inviting for cybercriminals to exploit and take advantage of.
  • See account user behavior. Traditional vulnerability analysis is not enough since it does not take into account user behavior.
  • Know your cyber situation with complete confidence, so you can rest at ease. A good night’s sleep can be worth its weight in gold.

Is CyCraft’s Health Check difficult to get started?

No.

Knowing with CyCraft means knowing for sure. Contact us today to get healthy.

Who are we?

We are CyCraft.

CyCraft has been rapidly expanding across Asia. It’s no surprise that CyCraft outperformed all other cybersecurity vendors in Asia in the Cybersecurity Excellence Awards. CyCraft was one of only two cybersecurity vendors from Asia selected to join the second round of the MITRE ATT&CK Evaluations against their APT29 emulation.

As of 2020, CyCraft secures several government agencies, the Fortune Global 500, top banks and financial institutions in Asia, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs in several APAC countries, including Taiwan, Singapore, Japan, Vietnam, and Thailand. We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, and IR services.

Read our use case on how CyCraft Technology helped one of the top four fabless semiconductor manufactures save 95 percent in manpower costs and reduce investigation time of a pre-acquisition due diligence digital forensic investigation by 99 percent.

Writer: CyCraft

CyCraftについて

CyCraft(サイクラフト)は、AIによる自動化技術を専門とするサイバーセキュリティ企業。2017年に設立され、台湾に本社、日本とシンガポールに海外拠点を持つ。アジア太平洋地域の政府機関、警察・防衛機関、銀行、ハイテク製造業にサービスを提供している。CyCraft の AI技術 と機械学習技術によるソリューションが評価され、CID グループ とテマセク・ホールディングス旗下のパビリオンキャピタルから強力なサポートを獲得し、また、国際的トップ研究機構である Gartner、 IDC、Frost & Sullivan などから複数の項目において評価を受けている他、国内外の著名な賞をいくつも受賞している。また、国内外を含む複数のセキュリティコミュニティ、カンファレンスに参画し、長年にわたりセキュリティ業界の発展に尽力している。

CyCraft ニュースレター購読

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
[申し込み]をクリックすることで、CyCraftのプライバシーポリシーにしたがって個人情報が使用されることに同意したこととなります。購読の解除はいつでも可能です。