Zero Trust & Resilience Product Design - Essential to Success
Learn more about why both are used by Cyber Crucible to defeat ransomware extortion for good.
Why is Zero Trust Product Design necessary?
Attackers are heavily targeting the trust models underpinning modern IT infrastructures. The more authoritative a program or system is within a network, the greater the opportunity for an attacker to subvert every system that depends on that trustworthiness.
Privileged client and server applications (such as security and administration software) depend on network traffic arriving untampered and being from the true source (not spoofed).
Remote management tools such as Kaseya and ConnectWise are trusted to send legitimate commands on behalf of remote administrators.
Active Directory, and peer technologies, are trusted to correctly manage and task users and systems.
Applications are trusted to behave as expected given the installed programs, and not execute 3rd party (usually malicious) code inserted into the program once it is running.
Users and applications presenting tokens, passwords, and keys from normal systems and applications are generally assumed to represent legitimate access.
Commands and messages from the core (kernel) of an operating system, the most protected section of the operating system, are trusted to be genuine system management behaviors.
Why is Resilient Product Design necessary?
Attackers work hard to defeat, destroy, and evade security tools that may stand in the way of their data extortion goals.
In early 2021, some customers were receiving Windows updates which were crashing their systems. Cyber Crucible simply would not die, and would not let the operating system completely crash and reboot. Event logs demonstrated that every other program died, leaving a non-responsive system with a black screen, and Cyber Crucible still beaconing to the server.
Network Message Tampering Resilience
Attackers attempt to trick both the server and client applications. This means either spoofing messages from the server, or altering data to the server with the aim of preventing notification or response from the server.
Cyber Crucible messages are digitally signed with unique, per-installation keys to ensure each message is valid and from the proper sender.
Network Message Firewalling Resilience
Over 80% of endpoint security tools require access to remote analytic servers to function properly. Attackers have learned to firewall off security product servers and dashboards, to degrade or completely disable possible defenses.
Cyber Crucible leverages edge computing to remove all network dependencies for responding automatically. The customer may not receive notification immediately, but the business will be protected.
Uninstall & Disable Resilience
Active Directory, local system accounts, and remote administration tools are assumed to be under the control of an attacker. Attackers routinely gain this access and then use it to instruct security tools to turn off or uninstall.
Cyber Crucible only uninstalls when given properly authenticated, validated commands to do so from its assigned Cyber Crucible server.
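As an added illustration of the signed, per-installation messaging described above and of the authenticated uninstall rule (example code written here, not Cyber Crucible's own): an Ed25519 key pair is generated per installation at enrollment, the agent trusts only its assigned server's public key, and a command is acted on only if it is addressed to this installation, carries a valid signature, and has a fresh sequence number. The Command fields, the installation ids and the sequence-counter replay check are assumptions, not details from the page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)
// Command is a server-to-agent instruction bound to one installation (assumed format).
type Command struct {
	InstallID string
	Seq       uint64 // monotonic counter; blocks replay of an old, genuine message
	Action    string // e.g. "uninstall"
}
// encode fixes the exact bytes that are signed and later verified.
func (c Command) encode() []byte {
	seq := make([]byte, 8)
	binary.BigEndian.PutUint64(seq, c.Seq)
	return append(append([]byte(c.InstallID+"|"), seq...), []byte("|"+c.Action)...)
}
// Agent trusts exactly one public key: its assigned server's key for this installation.
type Agent struct {
	InstallID string
	ServerPub ed25519.PublicKey
	LastSeq   uint64
}
// NewInstallation simulates enrollment: a fresh key pair for each installation.
func NewInstallation(id string) (*Agent, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Agent{InstallID: id, ServerPub: pub}, priv
}
// Sign is the assigned server signing a command with its per-installation private key.
func Sign(priv ed25519.PrivateKey, c Command) []byte {
	return ed25519.Sign(priv, c.encode())
}
// Accept checks addressing, signature and freshness before the agent acts on a command.
func (a *Agent) Accept(c Command, sig []byte) error {
	switch {
	case c.InstallID != a.InstallID:
		return errors.New("command addressed to a different installation")
	case !ed25519.Verify(a.ServerPub, c.encode(), sig):
		return errors.New("bad signature: tampered or not from the assigned server")
	case c.Seq <= a.LastSeq:
		return errors.New("replayed or stale command")
	}
	a.LastSeq = c.Seq
	return nil
}
```

A tampered action, a message signed with another installation's key, a replay of a genuine message and a command addressed to a different installation are all rejected; only a fresh, correctly signed command for this installation is acted on.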
Kernel-level destruction resilience
Attackers gain highly privileged access to the operating system. That access is then used to perform actions that even the most privileged user cannot perform: attacking security tool data stores, configuration settings, and the software itself. Data internal to the system, such as messages passed between programs, is also tampered with.
Operations are performed only in the kernel, without dependencies on the operating system or other applications for data or processing.
Portions of Cyber Crucible examine each other, and self-heal if data, files, or settings are tampered with.
All data and messages, even between Cyber Crucible software libraries, are secured from tampering, and validated prior to execution.
Trusted application resilience
Running applications that are trusted to perform data-centric operations have attacker code inserted into them.
This makes it appear that the trusted application is performing the operations, rather than a different process.
The attacker is able to exist purely in memory, without using files that can be scanned by antivirus.
Cyber Crucible memory analytics verify that otherwise trusted, running programs have not been tampered with, during operations which may be either legitimate data operations or data extortion behaviors.
Speed & Efficiency Resilience
Attacker tool evolution has dramatically increased the processing speed of their extortion operations. They have also matured their operations on an infected system, where they can have a “controller” program spawn many malware programs. If one is killed, the controller replaces it. Their proven strategy is to conduct their desired operations before even automated defenses can catch up to them. Defenses do not catch up until the extortionists have accomplished their goals.
Cyber Crucible software is developed using advanced, highly efficient designs to ensure a large attack will not overwhelm analysis and response. Response times continue to be fast enough to ensure data is not extorted, even under concerted attack. This design takes special care not to overwhelm system resources while defending the customer.
When this type of attack occurs, users often notice system sluggishness due to the attacker's increasingly aggressive (but unsuccessful) automated attempts to regain control of the system.
Start a free trial today
Sign up for Cyber Crucible today to protect your system against ransomware extortion.