In the world of cybersecurity, even the most trusted tools can sometimes fail. This was underscored recently when CrowdStrike, an extremely well regarded cybersecurity company, inadvertently pushed a software update that impacted their customers’ systems and security services. While such incidents are rare, they serve as a reminder that no single piece of hardware or software is infallible. The reality is that failures, whether system outages or missed threat identifications, though infrequent, are an inevitable aspect of cyber defense technology.
Embracing Defense in Depth
This incident highlights the critical importance of implementing a defense-in-depth strategy. Defense in depth involves layering multiple, complementary security tools and measures to protect against threats. This approach ensures that if one tool fails, is unavailable, or simply cannot identify a threat accurately, the others continue to provide security coverage.
For example, while an endpoint detection and response (EDR) system might protect against malware on individual devices, it is essential to have other layers such as network detection and response (NDR) systems, intrusion detection systems (IDS), and firewalls in place. Each tool provides a different layer of protection, reducing the likelihood of a successful attack.
When selecting layers of cyber defense, it is crucial to choose tools that address similar problems through different methodologies. For instance, while it would be redundant to install two similar endpoint malware detection tools, you could enhance security by adding email filtering mechanisms that inspect incoming emails for threats, thus intercepting potential attacks at different stages.
The Role of Cyber Threat Intelligence
One often overlooked layer in a comprehensive security strategy is Cyber Threat Intelligence (CTI). While CTI can enhance detection tools by providing actionable insights, it also plays a critical role in monitoring the adversary space. This involves searching outside the organization for active threats, such as identifying campaigns targeting the company or discovering stolen information that might not have been detected internally.
At RedSense, we take CTI a step further by combining adversary space information—including adversary infrastructure, stealer logs, and compromised credentials—with passively collected network telemetry. This method does not require additional hardware or software, making it a cost-effective and efficient way to bolster an organization’s defenses. Our approach has proven capable of saving an organization millions of dollars annually by identifying threats that traditional EDR and NDR systems might miss.
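The layering idea from the defense-in-depth section and the CTI correlation described above can be illustrated with a small detection pipeline. The example below is added here and is not RedSense code or a description of its product: each layer (EDR process check, NDR match against a CTI list of adversary infrastructure, a stealer-log credential check, and an email attachment filter) evaluates the same event independently, and the pipeline records a layer that is unavailable instead of failing outright. All indicators, hostnames, and credentials are constructed placeholder values, and the layer logic is deliberately simplified.

```python
"""Layered detection over one constructed event.

Each layer looks at the same telemetry through a different lens, so an
outage or a miss in one layer does not blind the others.
"""
from dataclasses import dataclass

# Constructed CTI feed (placeholder values, not real indicators).
CTI_ADVERSARY_HOSTS = {"203.0.113.45", "update-cdn.example.invalid"}
# Constructed stealer-log exposure: (username, domain) pairs seen in leaked logs.
CTI_EXPOSED_CREDS = {("jdoe", "corp.example")}


@dataclass
class Event:
    """One correlated telemetry record for a single host (constructed schema)."""
    host: str
    process: str = ""          # process name reported by the endpoint agent
    dest: str = ""             # remote host/IP seen in passive network telemetry
    login_user: str = ""       # account used in an observed authentication
    login_domain: str = ""
    mail_attachment: str = ""  # attachment name from the mail gateway


class LayerUnavailable(Exception):
    """Raised when a layer cannot run (agent down, feed unreachable, ...)."""


def edr_layer(ev: Event, available: bool = True) -> list[str]:
    """Endpoint layer: simplified process-name check."""
    if not available:
        raise LayerUnavailable("edr agent not reporting")
    suspicious = {"mimikatz.exe", "psexec.exe"}
    if ev.process.lower() in suspicious:
        return [f"EDR: suspicious process {ev.process} on {ev.host}"]
    return []


def ndr_layer(ev: Event) -> list[str]:
    """Network layer: passive telemetry matched against CTI infrastructure list."""
    if ev.dest in CTI_ADVERSARY_HOSTS:
        return [f"NDR/CTI: {ev.host} contacted known adversary infrastructure {ev.dest}"]
    return []


def credential_layer(ev: Event) -> list[str]:
    """CTI layer: authentication with a credential that appears in stealer logs."""
    if (ev.login_user, ev.login_domain) in CTI_EXPOSED_CREDS:
        return [f"CTI: login by exposed credential {ev.login_user}@{ev.login_domain}"]
    return []


def email_layer(ev: Event) -> list[str]:
    """Mail gateway layer: attachment types commonly blocked by policy."""
    risky = (".iso", ".lnk", ".js")
    if ev.mail_attachment.lower().endswith(risky):
        return [f"EMAIL: risky attachment {ev.mail_attachment} delivered to {ev.host}"]
    return []


def default_layers(edr_available: bool = True):
    """Return (name, callable) pairs; EDR availability is a toggle for the demo."""
    return [
        ("edr", lambda ev: edr_layer(ev, available=edr_available)),
        ("ndr", ndr_layer),
        ("credential", credential_layer),
        ("email", email_layer),
    ]


def evaluate(ev: Event, layers) -> tuple[list[str], list[str]]:
    """Run every layer; collect findings and note layers that were unavailable."""
    findings, degraded = [], []
    for name, layer in layers:
        try:
            findings.extend(layer(ev))
        except LayerUnavailable as exc:
            degraded.append(f"{name}: {exc}")
    return findings, degraded


if __name__ == "__main__":
    # Constructed event: endpoint tooling misses or is down, network + CTI still fire.
    sample = Event(host="ws01", process="mimikatz.exe", dest="203.0.113.45",
                   login_user="jdoe", login_domain="corp.example")
    for edr_up in (True, False):
        found, down = evaluate(sample, default_layers(edr_available=edr_up))
        print(f"EDR available={edr_up}: {len(found)} findings, degraded={down}")
        for line in found:
            print("  ", line)
```

With the EDR layer toggled off, the pipeline still raises the NDR/CTI and credential findings and records the outage as a degraded layer, which is the practical meaning of complementary coverage: the gap is visible rather than silent.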
Minimal Impact on Resources
One of the significant advantages of the RedSense methodology is that it does not necessitate ramping up an organization’s staffing or expertise. We provide the necessary services and outsourced personnel to interpret important data and generate contextualized alerts, making them understandable and actionable by the existing security team. This ensures that the organization can enhance its security posture without the need for substantial investment in new infrastructure or personnel training.
Conclusion
The recent CrowdStrike outage serves as a reminder that any layer of security can fail, whether in minor or catastrophic ways. This reaffirms the necessity of a layered security approach. By incorporating diverse, complementary tools and methodologies, organizations can ensure robust protection against a wide range of threats. At RedSense, we pride ourselves on providing a unique blend of proprietary cyber threat intelligence and passively collected network telemetry to offer unparalleled protection, identifying threats that are often missed by traditional EDR and NDR solutions.
In summary, the key to a resilient cybersecurity strategy lies in layered defense, leveraging different technical approaches to tackle similar problems. With RedSense, organizations can enhance their security posture significantly without the burden of additional infrastructure or staffing requirements, ensuring comprehensive protection in today’s ever-evolving threat landscape.