I often see security vendors offering a way to "Stop APTs!" and "Eliminate Targeted Attacks!" and I know that organizations successfully use these solutions to reduce the numbers of attacks that get onto their network, but maybe it is the skeptic in me that has a hard time believing that any solution could ever single-handedly deliver on these promises to make your defenses bulletproof.
Due to this heightened sense of never expecting people to deliver on their promises, I want to talk blog about what you can definitely accomplish and feel great about: making the breach too expensive to pursue.
I am certainly not the first to write about it, but attackers (save for maybe nation state-funded groups) have to worry about cost of an attack compared the expected financial gain. They want to put in as little time and money as possible to infiltrate your organization, so if you have strong preventive controls in place and effective incident detection, you can absolutely make the cost high enough that they shift their focus to one of your competitors, or even, another industry altogether.
If you think it is unethical to be pleased when an attacker stops targeting your company and instead aims at your competitor's, just remember that they are (or should be) just as focused on prevention and detection, and in doing so, the two of you are raising the bar for security across your industry and continuing to demand that others do the same. How noble of you.
What's the added benefit of actually caring and improving the security of your organization? The sophisticated attackers often try known exploits, packaged malware kits, and other low-cost means to get in on the first attempt before changing their strategy to a 0-day exploit that they may have at their disposal. But, even in the case that a 0-day is used, you forced that bad guy to expose his costly 0-day to the world so that everyone else can stop it moving forward.
We would love to hear your thoughts on raising the bar, and if you want to learn more about how UserInsight could elevate your detection capabilities, please here register to speak with our team.