Sightlabs’ approach towards cybersecurity
Sightlabs was established around the hypothesis that intruders have already nested themselves in the internal networks of companies, unnoticed by common cybersecurity technologies and by monitoring and detection tools.
There are many cybersecurity vendors that offer intrusion detection systems (IDS) that work through anomaly-based detection. While these systems are effective in detecting known intrusion attempts and exploits, they are not able to recognize new attacks or carefully worked out variants of old exploits. More advanced zero-day attacks and carefully orchestrated targeted attacks are not detected, with the result that malware or ransomware can nestle unnoticed in the company network.
Presume breach by targeted attacks
Sightlabs advocates that the corporate world presume the intruder is already in its network. Monitoring the internal network is as important as protection at the gate.
The most worrying trend for companies and organizations is the targeted attack: an attack designed especially for a specific company, whose methods and signatures are new and therefore cannot be detected with anomaly-based monitoring tools.
Tools that focus on the analysis of traffic patterns are able to locate the intruders. This technology is called Network Behavior Anomaly Detection: analyzing normal versus strange behavior of nodes in a company network.
As a result, very advanced attacks can also be detected better and faster.
The Sightlabs DNS Ninja tool is an anomaly detection tool for DNS data that can currently be offered and supported.