In the movie “Minority Report,” police use predictive insight to stop crimes before they happen.
Effective IT security now demands the same.
Today’s sophisticated attacks routinely evade conventional after-the-fact technologies such as firewalls and signature-based malware detection. Therefore, it’s essential to adopt new measures that predictively neutralize these new threats.
Fortunately, it’s possible to predict and prevent attacks before they’re fully launched. It’s also possible to stop command-and-control exfiltrations before they do real harm. This proactive protection requires:
- A large, statistically significant volume of real-time internet infrastructure intelligence
- Statistical models that leverage this intelligence to immediately pinpoint and neutralize attack infrastructure without waiting for detection of attack artifacts.
By implementing a cloud-delivered security service possessing these attributes, you can block phishing attempts, bespoke malware, and other evolving threats from the moment attackers first start spinning up their attack infrastructure. You can also quickly identify and neutralize potential destinations for exfiltration.
Just as important, you can gain this improvement in protection immediately, without disrupting your existing environment.
At Axle Cloud, we make it mandatory that every site we support with a managed service is protected with this type of security.
Why change now?
By adopting the “pre-crime” statistical models described above, businesses can dramatically improve their IT defenses. More specifically, they can gain three extremely valuable benefits:
- Pre-emptive protection from even the most advanced zero-day threats. No matter how clever or surreptitious attackers may be, they first have to spin up attack infrastructure. By identifying and neutralizing that infrastructure, a cloud service enforcing statistical model-based intelligence provides pre-emptive protection unlike any other security technology.
- Early interdiction of command-and-control traffic. The worst high-profile security breaches often occur because an enterprise failed to detect exfiltration for several months. Statistical model-based intelligence nips these damaging long-term exfiltrations in the bud, because it can quickly identify and block the external destination of command-and-control traffic — long before enterprise security teams typically discover and pinpoint an internal (and potentially well-camouflaged) compromise.
- A 50% to 90% reduction in security alert volume. Enterprise security isn’t just about effective defense. It’s about effective defense within finite resource constraints. By blocking attack infrastructure before most attacks can even touch the enterprise, DNS-layer security dramatically reduces security events and alerts — freeing staff resources for other tasks.
Our statistical models have been proven in the field to be nearly 100% successful at discovering new malicious destinations before next-generation firewalls, secure web gateways, or sandboxes find them. Given this efficacy — and given the magnitude of the risk posed by next-gen attacks — these “pre-crime” techniques have become indispensable to IT security.
Feeding statistical models with statistically significant internet data
The internet is a big, busy place. Attackers rely on its scale and complexity to hide their malicious activity. That’s why, to uncover that activity in every dark corner of the internet, it’s essential to feed statistical models with large samplings of geographically diverse internet data, including DNS, WHOIS, BGP routing, IP geolocation, malware file connection, and SSL certificate information.
The Umbrella security service processes 80 billion DNS requests daily from 65 million users across 160 countries — or about 2% of the internet’s total activity. This in-house data is already statistically significant. Umbrella further complements that data with WHOIS records and BGP routing data from 500+ peering partners, as well as malware alerts from Cisco and other global security leaders. As a result, Umbrella currently protects against 7 million total malicious destinations at any given time — and identifies 60 thousand new malicious destinations daily.
The existence of 7 million malicious domains underscores just how intense attack infrastructure activity has become — especially as attackers increasingly use domain generation algorithms (DGAs) to spin up thousands of domains at a time. It also underscores how important it is to choose a security provider capable of detecting and blocking that infrastructure before an attack compromises an organization’s digital integrity. Axle Cloud leverages Cisco’s scale and power to cost-effectively protect even the smallest business from cybercrime.