Contact Us

A Pound of Flesh, No More, No Less - Part 2 - How Cavirin Protects You

In my previous blog, I looked it just how easy it is for the typical hacker to obtain a variety of exploit tools, or to obtain compromised data. The hacker lifecycle roughly maps to the diagram below, where he or she first obtains or develops the various tools, or leverages ‘dark web’ services, then leverages these to compromise physical assets with a goal of obtaining useful data.  Here, I’ll look at how Cavirin helps you counter these threats by focusing on the middle phase – how to protect your assets, either on-premise or in the cloud. 



Hacking as a Service (HaaS)

For those familiar with the Cyber Kill Chain concept (and I realize that there are different views on applicability, but it is useful to frame the discussion), the lifecycle may look familiar.  There are seven stages, with stages 3-5 of interest.  

  1. Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
  2. Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
  3. Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
  4. Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
  5. Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
  6. Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
  7. Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

Mapping these stages to a more practical example, the figure below looks at three APTs (Advanced Persistent Threats) – 3, 28, and 29 – and at which stage they appear.

So how exactly can Cavirin help?  We permit the CISO or her delegate to automate, by leveraging a broad set of foundational guidelines and frameworks, the OS security of physical assets.  And by physical assets I mean the on-premise or cloud-based servers, bare-metal, virtualized, or even containerized.  One example is mapping the NIST CSF to the stages, and how we mitigate risk along the way. Though some of the details in the figure below are not visible, the key is mapping the functions and categories to the stages and understanding what technical controls to apply. Our platform does this automatically.

We also help secure your AWS, Azure, and GCP cloud accounts, and protect your network-layer services from attack.  In addition, if you are in an industry subject to additional regulations such as PCI or HIPAA, or are dealing with the EU and subject to GDPR, we can help you adopt best practices for your servers.

Our asset protection can help prevent the exposure of the PII, e-PHI, and account data as outlined in the previous post, as well as slowing or mitigating the impact of DDoS, RDP, and Ransomware attacks.

We don’t leave you hanging. In fact, we give you enough rope to hang the hackers!



© 2019 Cavirin Systems, Inc. All rights reserved.