If you know me, you know that I love analogies. I find that they not only help people understand how things work but successful analogies also provide credence that an idea is a good one – if the model works in one situation then why doesn’t the same approach work for another?
I was meeting with a client and colleague and started thinking about how the human body works, and how it has developed approaches for fending off diseases, both known and unknown. Obviously we have skin and natural barriers to keep pathogens and bad things on the outside where they belong, and we have built-in protections like enzymes and other barriers across obvious entry-points like your eyes, nose, and throat to address bacteria and others trying to work their way inside the human body.
But what happens when a pathogen does get past your natural defenses? Among the various internal processes that occur, white blood cells will search it out, adapt themselves as needed, and tackle the infection head-on. The human body is designed with the realization that bad things will get past the defenses at the boundary, and therefore our bodies need to be continually looking internally to understand (i) what’s happening internally that shouldn’t be and (ii) how do we quickly and efficiently search it out and shut it down.
It’s a model which, I’d argue, has worked well for centuries if not longer. And isn’t this how most any model against attackers known and unknown should work – keep them outside the boundary if possible but make sure that if they do breach you quickly identify the infection and kill it?
Which brings me to the world of cyber security. For too long the cybersecurity model has been “stop the breach at the organization’s four walls” – that is, preventing the breach. However, if the last few years have taught us anything, it’s that attackers continue to innovate.
Ever-changing attack techniques combined with a continually expanding attack surface means that this model is fundamentally flawed, and the continual successful attacks prove this. A modern cyber security approach needs to learn from what has worked for our human bodies for centuries – try and stop it on the way in but ensure that you have the visibility and capability to quickly identify and stop anything that successfully breaches.
That’s why HYAS exists. Since any attack today, malware-based or malware-less, needs to beacon out for instructions to some type of adversary-controlled infrastructure, and HYAS is the leading expert on adversary infrastructure, HYAS can uniquely identify those breaches and drive the time from infection to identification and remediation as close to zero as possible.
Third-party independent testing has already validated this, in addition to our own tests (such as the first, second, and third in our internal efficacy series). The combination of bespoke data sources and the organization of that data into a unique graph database allows HYAS to excel where others fail, often identifying nefarious adversary infrastructure weeks or longer before the general market.
Deployable in a flexible, API-forward, SaaS architecture across either the corporate/IT or production/OT environment (or both), HYAS solutions act as those white blood cells to ensure that whatever sneaks past your external defenses gets seen and stopped. The model has clearly worked in other environments and it’s time for us to learn from “what has worked previously” and adapt our cyber defenses. And with a free trial – there’s no risk to you or your organization in identifying how to modernize your specific environment.
Want to get the upper hand on adversary infrastructure? Contact us to get a complimentary security assessment and learn how to make the switch from reactive to proactive defense.