MWR InfoSecurity has confirmed details of its latest service – Countercept, a complete service for detection and response to cyber attacks. Run by one of the only independent security consultancies listed on the CESG Cyber Incident Response (CIR) Scheme, Countercept is built around endpoint threat detection and response (ETDR), delivered from MWR’s operations centre for 24/7 real-time monitoring of an organisation’s assets.
Speaking about the need for Countercept, Ian Shaw, Managing Director of MWR InfoSecurity, said, “No matter how good your defences are, they will be breached at some point. This is just a fact of life when doing business in a world inhabited by increasingly sophisticated attackers and greater reach of networked technology. The most advanced automated detection and prevention tools are by themselves no match for an intelligent human with the right capabilities and resources at their fingertips.”
To address this problem, Countercept draws on its team's experience: over a decade of simulating attacks against major organisations, which has cemented a deep understanding of the attacker mindset. Understanding how an attacker operates allows the team to anticipate an attacker’s next move and therefore stay one step ahead.
Traditional signature or threat-intelligence-based recognition has proved limited, as attackers simply make minor adjustments to their attack to subvert detection. Instead, Countercept uses MWR’s own anomaly-based detection tool, Deteqt, in conjunction with real-time traffic and event analysis, to determine what ‘normal’ behaviour looks like and then identify deviations. This gives Countercept’s analysts the intelligence needed to identify malware and breaches on the network that traditional anti-virus and detection tools would miss.
It is normal to have an entirely human emotional response at the discovery of a compromise and with it the urge to remove the intruder from the network immediately. However, Countercept takes a more holistic approach. By carefully monitoring an attacker and preserving evidence, Countercept gathers intelligence that is used both to bolster defences and detection against that threat actor or technique and to ensure that, when the time comes, a thorough and resilient containment strategy is enacted.
Ian concludes, “The approach to how we deal with breaches has to change to avoid the inevitable attacks having a detrimental effect on businesses. Instead, organisations need to be in a position to detect when a compromise happens, contain and then fully eradicate the intrusion, so that an attacker can’t take advantage of the situation.”