What You Need to Know about Supply Chain Attacks
supply chain attacks. One way to do this is with extended detection and response (XDR) solutions. Such solutions give visibility across networks, endpoints, and applications to analyze, hunt, and remediate attacks.
The threat response feature in Cisco SecureX is ideally suited to assist in cases like supply chain attacks. As an integrated security architecture that automates integrations across Cisco Security products, it greatly simplifies threat investigations and responses. And these investigation and response capabilities combine into one convenient, efficient workbench.
For instance, if you suspect a supply chain attack, you can aggregate threat intelligence, drill down to see where specific activity began, track it across the network to get the larger picture, and then take corrective action directly from the interface, blocking suspicious items on the spot.
A critical component of this visibility is Cisco Secure Endpoint, which provides both threat hunting and response capabilities in a single solution, leveraging the power of cloud-based analytics. Powerful tools like file trajectory and device trajectory use Secure Endpoint’s continuous analysis capabilities to show you the full scope of a threat and identify all affected applications, processes, and systems.
Network visibility is critical in detecting attacks as they attempt to move throughout the network. Tools like Cisco Secure Network Analytics can detect suspicious and unexpected activity on the network, as well as data exfiltration, policy violations and other sophisticated techniques used by attackers. Secure Network Analytics can even analyze encrypted traffic for unusual activity.
In addition, use Secure Network Analytics with Identity Services Engine (ISE) to segment the network. While segmentation will not stop a supply chain attack, a well-segmented network means malicious activity can be contained much more easily, which also creates more chances for detection. With ISE, you know who, what, where, and how endpoints and devices are connecting. ISE even allows for software-defined access and automates network segmentation.
Detecting anomalies in application behavior can help identify a supply chain attack. To do this, solutions like Cisco Secure Workload can baseline the normal behavior of your applications, so that anomalies or suspicious behavior stand out quickly.
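The baseline-then-detect idea above, as an added example (not Cisco Secure Workload code): it learns which (destination, port) pairs each application normally talks to from a constructed flow log, then flags later flows that fall outside that baseline, labelling why.

```python
"""Baseline application network behaviour, then flag deviations.

Added example, not code from the original post or from Cisco. It assumes
flow records of the form (application, destination, port); all data below
is constructed.
"""
from collections import defaultdict

# Constructed sample: flows seen during a learning window (known good).
BASELINE_FLOWS = [
    ("updater.exe", "updates.example-vendor.com", 443),
    ("updater.exe", "updates.example-vendor.com", 443),
    ("updater.exe", "cdn.example-vendor.com", 443),
    ("db-client", "db01.internal", 5432),
]

# Constructed sample: flows seen later, after a vendor update was installed.
OBSERVED_FLOWS = [
    ("updater.exe", "updates.example-vendor.com", 443),
    ("updater.exe", "203.0.113.7", 8443),     # destination never seen before
    ("db-client", "db01.internal", 5432),
    ("db-client", "db01.internal", 22),       # known host, unexpected port
    ("backup-agent", "198.51.100.20", 443),   # application not in baseline
]


def build_baseline(flows):
    """Map each application to the set of (destination, port) pairs it used."""
    baseline = defaultdict(set)
    for app, dst, port in flows:
        baseline[app].add((dst, port))
    return baseline


def classify(baseline, app, dst, port):
    """Return None for baseline-conforming flows, else a short reason."""
    if app not in baseline:
        return "unknown application"
    known = baseline[app]
    if (dst, port) in known:
        return None
    if any(d == dst for d, _ in known):
        return "known destination, new port"
    return "new destination"


def find_anomalies(baseline, flows):
    """List (app, dst, port, reason) for every flow outside the baseline."""
    out = []
    for app, dst, port in flows:
        reason = classify(baseline, app, dst, port)
        if reason:
            out.append((app, dst, port, reason))
    return out


if __name__ == "__main__":
    for app, dst, port, why in find_anomalies(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(f"ANOMALY {app} -> {dst}:{port} ({why})")
```

In practice the learning window must itself be trusted: a baseline captured after a compromised update has already been installed will silently whitelist the attacker's traffic.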
This can all be a little overwhelming. If you’re looking for assistance in dealing with a supply chain attack, Cisco Talos Incident Response (CTIR) is here to help. Whether you’re looking for an emergency incident response, help with playbooks, readiness assessments, threat hunting, purple team exercises or more, CTIR can provide.
Ben Nahorney is a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security. With more than a decade and a half of experience in the Internet security field, Ben has weathered threat outbreaks reaching back to the early 2000s and helped develop and report on breaking research such as the Stuxnet virus.
This guest blog is part of a Channel Futures sponsorship.