Why Firewalls and Antivirus are Not Enough

Issue link: https://learn-umbrella.cisco.com/i/710469

© 2016 Cisco and/or its affiliates. All rights reserved.

Network (firewall) and endpoint (antivirus) defenses react to malicious communications and code after an attack has launched. Cisco Umbrella observes internet infrastructure before attacks are launched and can prevent malicious internet connections from being made. Learning the steps of an attack is key to understanding how Umbrella can bolster your existing defenses: each step of the attacker's operation gives security providers an opportunity to observe its presence and defend against the intrusion.

On the next page, four detailed example attacks are laid out using a seven-step framework. Here is a high-level summary:

1. Recon: Many reconnaissance activities are used to learn about the attack target.
2. Stage: Multiple kits or custom code are used to build payloads, and multiple networks and systems are staged to host initial payloads, malware drop hosts, and botnet controllers.
3. Launch: Various web and email techniques are used to launch the attack.
4. Exploit: Both zero-day and known vulnerabilities are exploited, or users are tricked.
5. Install: Usually the initial payload connects to another host to install specific malware.
6. Callback: Nearly every time, the compromised system calls back to a botnet server.
7. Persist: Finally, a variety of techniques are used to repeat steps 4 through 7.

It is not necessary to understand every tool and technique that attackers develop. The takeaway is that attackers must complete multiple, and often repeated, steps to achieve their objectives, and each of those steps is a chance to detect and block them.

Words of Wisdom

Compromises happen in seconds. Breaches start minutes later and continue undetected for months. Operating in a state of continuous compromise may be the new normal, but we cannot accept a state of persistent breach.

"Advanced targeted attacks are easily bypassing traditional firewalls and signature-based prevention mechanisms. All organizations should now assume that they are in a state of continuous compromise."
Neil MacDonald and Peter Firstbrook, Designing an Adaptive Security Architecture for Protection From Advanced Attacks