Anatomy of an Attack


Steps in an Attack

Four Stages of a Cyber Incident

  • The Pre-Exploit stage focuses on eliminating vulnerabilities: intrusion prevention devices are used, patches must be applied, and information sharing helps collect signatures and malware characteristics.
  • In the Exploit stage, criminals collect information about the target and compromise the systems of employees or partners. A typical exploit takes hours or days.
  • Most breaches come to light through third-party reports; breach discovery is a complex and difficult task. The Post-Exploit stage takes weeks or months.
  • The Remediation stage includes server isolation, recovery and restoration. This takes weeks and months. The results are used to make the prevention approaches of the Pre-Exploit stage more robust.

Breaches affect corporate reputation. Each breach requires notification of customers, partners, and government agencies. This is a long process that can take months.

Preparing for an Attack

1. There is no silver bullet.

2. Trust no one: most vulnerabilities are inadvertent. Assume you have already been hacked and criminals are in your systems.

3. Monitor, monitor, monitor.

4. Adopt IT solutions that require less support from people.

5. Regularly restart and restore systems to a pristine state, thus removing criminals from your systems.

SCIT Approach

  • SCIT automates the restart and restoration process while ensuring uninterrupted service to the customer and continuity of business operations.  
  • The SCIT approach reduces the cost of operation: no false positives, no memory leaks, and hot patches can be applied.
  • SCIT enables the system owner to reduce the time from exploitation to restoration to a minute, compared with weeks and months in current approaches. This makes it harder for the hacker to exploit the vulnerabilities. The hacker is forced to make repeated attempts to achieve their objective, and is therefore more exposed.
  • SCIT readily interfaces with other security systems such as prevention, detection and forensics tools, and with aggregation tools like Security Incident and Event Managers. On completion of the SCIT cycle, the VM is examined and a risk score is computed to provide input to the corporate monitoring systems.
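
A simplified model of the restart-and-restore rotation described above, showing why the intruder's time on a system is bounded by the rotation schedule. This is an added example, not SCIT's own code; the pool of four VMs, the 20-second slot, the round-robin order and the function names are assumptions.

```python
def max_dwell(pool_size, slot):
    """Worst-case time an intruder can stay on one VM, in ticks."""
    # A VM serves for (pool_size - 1) slots between two consecutive restores.
    return (pool_size - 1) * slot


def simulate(pool_size, slot, total_ticks, compromises):
    """Model round-robin restart-and-restore over a pool of VMs.

    In slot k, VM (k % pool_size) is offline and rebuilt from a pristine
    image while the other VMs keep serving. `compromises` maps a tick to the
    index of the VM an intruder gets into at that tick (constructed input).
    Returns (dwell, still_compromised): dwell holds one entry per evicted
    intruder, in eviction order.
    """
    compromised_at = [None] * pool_size
    dwell = []
    for tick in range(total_ticks):
        restoring = (tick // slot) % pool_size
        if tick % slot == 0 and compromised_at[restoring] is not None:
            # The restore wipes whatever the intruder installed.
            dwell.append(tick - compromised_at[restoring])
            compromised_at[restoring] = None
        target = compromises.get(tick)
        # A VM that is offline for restoration cannot be reached.
        if target is not None and target != restoring and compromised_at[target] is None:
            compromised_at[target] = tick
    still = sum(1 for t in compromised_at if t is not None)
    return dwell, still


# Constructed scenario: 4 VMs, 20-second slots, three intrusions plus one
# attempt (tick 45, VM 2) against a VM that is offline at that moment.
SAMPLE = {20: 0, 45: 2, 55: 3, 130: 1}

if __name__ == "__main__":
    dwell, still = simulate(4, 20, 240, SAMPLE)
    print("dwell times (s):", dwell, "bound:", max_dwell(4, 20))
    print("VMs still compromised at end:", still)
```

In this model the worst case is reached only when the intrusion lands immediately after the VM returns to service; shortening the slot or shrinking the pool lowers the bound.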