Getting into the mind of an attacker

Darktrace's Justin Fier explains how automation helps to close the gaps that attackers look for

A cornerstone of defensive strategy is to try to get into the mind of the attacker.

That was the thrust of a presentation delivered during the recent Computing IT Leaders Festival by Justin Fier, VP tactical risk and response at Darktrace, who said organisations need to be less reactive and more proactive in combatting attacks before they can do serious damage.

This is hardly a new insight. After all, there are many techniques used by cyber security professionals to get one step ahead of attackers, including threat intelligence, vulnerability management, red team/blue team simulations, penetration testing, attack surface management (ASM) and many more, all of which can provide valuable insight into areas of weakness. But there are a couple of problems.

"None of these are talking to each other. They are still very much siloed solutions."

In addition, these approaches also do not scale well, Fier continued.

"They are human-driven approaches, and as we all know, we don't have enough humans within our industry to do the job."

This has been the case for the best part of the decade, and the evolution of human capabilities has not matched the increasing rate and variety of attacks, which explains why automating the cyber response has become such an urgent endeavour.

The Darktrace approach is to link all those silos together, treating the output of one as the input of another. Attack simulation can then talk to ASM, and ASM can be utilised by penetration testers, and so on.

"We need to think a little bit differently about how to manage cyber risk," Fier said.