Automated Attacks Are Now The Norm
In an earlier post, we wrote about the waste we see when the cost of security controls is duplicated. Equally important is the balance of protective controls in place to thwart the existing threat landscape.
A vast number of intrusions are the result of negligence and opportunistic bot activity. It is unfortunate to realize that, for some business entities, a compromise of their infrastructure could have been carried out by unmanned automation that moves incrementally from one public IP address to the next. The sophistication of these attacks is relatively low, and they can be avoided through careful configuration or caught and blocked if a specific feature set of a firewall is enabled.
Unfortunately, neither is the norm, and because increased controls add authentication complexity, they are often avoided for the convenience of quick access.
Security is not convenient.
As Artificial Intelligence becomes more prevalent in dirty deeds, we expect that sophistication will shortly increase and attack logic will become fascinating. Soon, automation will scour DNS records to find the potential corporate owners of endpoints, scrape social media for all information technology workers at the company, and start piecing together intelligent username and password guesses to use concurrently, slowly brute forcing the endpoints in such a way that automated security triggers do not fire or react.
Thwarting evolving threats takes a few proactive measures, which require attention to detail and a security mindset to configure. Protecting your network edge is one way to avoid drawing attention to yourself. When you leave no exposed endpoint open, allow only certain endpoints access through whitelisting, and auto-generate complex passwords that are stored in a proper vault, automated efforts will fall short in identifying your endpoint as their potential entry point.