In their talk on ‘Disrupting the progression of a cyber-attack’, the duo ran through some basic – and more complex – methods of deterring attackers, and concluded that internal knowledge and time can play pivotal roles.
“Figure out where the critical files are, and where the sensitive users are on the network. Spend more time on dealing with those,” said Melancon, who added that some firms spend too much time defending all areas of their network – something he referred to as a “whack-a-mole” technique.
He went on to say that firms need to develop a finely tuned view of what represents a good and a bad network, and said that this can often be achieved by establishing a “good baseline understanding” of what normal usage looks like.
Honan, meanwhile, was keen to stress that too many CISOs and IT departments are losing sight of the fact that they have the “home” advantage when facing attackers who may well be breaching the company's perimeter for the very first time.
“One thing we fail to recognise is that there is a home field advantage when defending – you know where everything is, but attackers have to go scan, go searching and that can take time. Distract and divert [attackers] from their core goals, and make it difficult for them to manage.”
Melancon – a 25-year industry veteran who previously held management roles at DirectWeb, Symantec and Fifth Generation Systems – also picked up on this theme and suggested that delaying hackers is sometimes enough on its own for them to move on to easier targets.
“Time is money for attackers,” said Melancon. “The longer the time [in the network] the more likely they are to get caught. It can give you the information on who did this.”
“Know your network. You control traffic during the attack – you can slow it down,” added Honan, offering another deterrent. He continued by comparing IT defence to that of castles in centuries gone by and suggested that IT teams should know “who their peasants are” and what represents “acceptable loss”.