Privacy policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

How Prescriptive Security aides defending against phishing attacks

Phishing email campaigns are increasingly targeting smaller, more focused groups and becoming more sophisticated. They are therefore more likely to succeed. As a result, business email compromise (BEC) has taken over as one of the major challenges to security. In this climate, it’s helpful to understand how the processes around prescriptive security are distinct from those around traditional cyber security.

Traditional security processes

In a traditional security environment, the analyst must first log into multiple tools to work out what is happening. The analyst uses each tool to view the necessary logs and data to understand the incident. Whilst the analyst might quickly establish that there is a 0-day polymorphic virus, the tools may not link the endpoint with the user in order to easily trace the attack. Without this link, actions to update security at the boundary may not happen quickly, if at all. As a result, more users could be affected.

The analyst also needs multiple security systems and applications to coordinate the right response. This will take time, especially if these security tools aren’t in daily use – again increasing the risks to other users. There may also be risks associated with the order in which remediation steps are configured into the various systems. Even worse, where devices are offline or not connected back into the corporate network, the design of the virus keeps them vulnerable to attack for some time.

If the analyst is not sufficiently trained, or has no access to a particular tool, they may need to raise service tickets to initiate a response, further lengthening the time to respond, especially if those processes take time or the tool is not managed 24x7.

Each of these steps must be fully documented in order to manually trigger actions. This includes processes for logging into the various toolsets such as anti-virus management, network access control management, endpoint detection and response.

Prescriptive security processes

With prescriptive security, the time it takes to identify a problem shrinks to milliseconds. Information about multiple events is collated into one place, enriched with threat intelligence and ready as a single ‘ticket’ for the analyst to analyze and make decisions.

With prescriptive security, the time it takes to identify a problem shrinks to milliseconds.

Straightaway, the analyst has better visibility of the incident using advanced data processing, analytics and security event management systems. And they can quickly link the virus to a phishing attack, for example, on a specific user. Given that this is a new problem, human intervention is needed and yet still minimal: the analyst selects the most effective playbook of automated actions to protect the whole estate.

This ultimately removes the risk of errors and not only improves the initial response time but also helps to reduce or even eradicate the time to detect similar subsequent incidents.

Ongoing service management

All security incidents are monitored, identified, prioritized and managed at the Security Operations Center. Key to security operations is integration with the rest of service management, for example, to ensure that every change to an IT estate is documented and audited.

If all details and current remediation tasks are held purely within traditional security tools, response times are longer and extra change management tasks are created for the service management team. In contrast, with prescriptive security, everyone involved can easily be kept informed of the situation. So, when a phished user contacts the service desk because a device cannot connect to the network, the service desk instantly sees that it’s an incident response and provides explanation.

Forensic investigation

Following any serious incident, thoughts will turn to reviewing how the incident occurred, and how to predict and prevent similar attacks in future. Just as having data spread across disparate systems makes analyzing and responding to an incident slower, it also makes it harder to fathom details of the attack path in retrospect.

In contrast, with prescriptive security, there is full auditability and continuous learning working in harmony to bolster the defenses against cyber threats. Prescriptive security transforms the way security analysts work. It helps security teams stay ahead of bad actors who are growing both in number and in sophistication of attack strategies.

This blog post is adapted from Stephen’s article in “Digital Vision for Cyber Security 2,” where you can read more about the new security paradigm from the Atos Scientific Community.

By Stephen Wing, Security Consulting Practice Lead, Atos UK & Ireland

Posted on August 11

Topics

Tech essentials
Digital Transformation
Cyber security

Share this blog article


About Stephen Wing
View all posts by Stephen Wing
Security Consulting Practice Lead, Atos UK & Ireland
Stephen heads up the Digital Compliance Practice for Atos UK&I. Stephen is responsible for providing Security Consultancy services to Atos customers in all market sectors, and is currently directly supporting customers in the nuclear, defence and financial sectors. Stephen has 25 years’ experience in Cyber Security, having worked in the Security Industry since leaving University of Durham with a Mathematics Degree.

Follow or contact Stephen


 
View all blogs

Related articles

Creativity matters: The human superpower in an increasingly digital world
The top 5 modernization concerns for CIOs (and how to address them)
Unity through diversity: Creating a more inclusive world
The secret to competitiveness: A lab-based approach to innovation

Related Links

Categories