In 93 percent of cases, a threat actor can penetrate an organization's network perimeter and gain access to local resources. 

As cyber attacks grow more sophisticated, it’s not enough to take a passive approach to threat management. You need to stay one step ahead. This means understanding the latest methods bad actors use to initiate attacks, as well as familiarizing yourself with best practices for identifying and fixing vulnerabilities.

In a recent webinar, Terumi Laskowsky, Pluralsight instructor and Founder and Director of Pathfinders Japan, shares six cybersecurity tools organizations can use to strengthen their defenses and prevent attacks.

From DDoS to APT attacks, there’s no shortage of cyber threats, and there are just as many ways to approach cybersecurity. If you know how to prevent cyber attacks from every angle, you can strengthen your defenses from all sides. These cybersecurity tools can help you get that 360 view:

Before we dig into the database itself, let’s cover the basics of cyber vulnerabilities.

A vulnerability in cybersecurity is a weakness that may lead to information being compromised in some way. Depending on the severity of the potential compromise, there are different types of vulnerabilities: critical, high, medium, and low. While some vulnerabilities arise from bugs or mistakes, that isn’t always the case. Something like an updated environment could also create new vulnerabilities. 

Terumi gives the example of a mainframe computer. These legacy computers initially resided deep inside a company’s proprietary network. Now, they’re exposed to the internet directly or indirectly. “Things change,” Terumi says. “And there are no bugs in that software—it's just not fit for the new context.” 

The National Vulnerability Database is a centralized database of well-known vulnerabilities  impacting big-name systems and software. Search the database with a particular system in mind, and you’ll see a record of its well-known vulnerabilities and their severity levels.

Because this database focuses on well-known vulnerabilities, you won't find information about vulnerabilities impacting highly customized software. 

The National Vulnerability Database gives you the ability to approach cybersecurity from a vulnerability management perspective. It can help you identify and evaluate vulnerabilities potentially lurking on your systems. 

You can search the database for the software and systems you use. Then, comb through the results, paying special attention to vulnerabilities with critical or high severity levels. Read the vulnerability summary and consider the following questions:

• Do you use this particular version of the software? 
• Is there a patch you can put in place? Keep in mind any potential dependencies. 
• If a patch isn’t available (or you can’t use the patch because it may break an existing system), what compensating controls can you apply? Compensating controls are security measures you can use to "cover" for the lack of protection, like putting additional firewall rules or strengthening Intrusion Detection rules.

What if you run your software and systems through the vulnerability database, or vulnerability management software, and you don’t see any matches? Does that mean your systems are fully secure? Unfortunately, no. It just means that you might want to try a different approach.

If you don’t receive results with the vulnerability perspective, try the threat perspective. 

In cybersecurity, a threat is anything able to touch a vulnerability and somehow compromise that asset. A threat agent is the source of the threat. “The threat could be human,” Terumi explains. “It could be malware. It could also be something like a natural disaster.”

A DDoS (Distributed Denial-of-Service) attack is a type of threat that comes from multiple locations. These attacks attempt to overwhelm the target system in order to block access.

“A network is like a big water pipe,” Terumi says. “If you put in more water than what the pipe can take, it's just going to overflow. And that's basically what happens with the DDoS attack. People send you so much stuff that legitimate users cannot access the network server, application, or tool.” 

The DDoS & Cyber-Attack Map shows DDoS attacks in real time, giving you visibility into the sheer number of attacks happening at any time around the world. The lines or tails are the actual attacks, and the circles are the targets or victims of the attacks. 

This cybersecurity tool won’t help you stop DDoS attacks directly, but it gives you big picture visibility into the number and frequency of attacks. In all likelihood, your individual organization won’t be a primary target for DDoS attacks. But your internet service provider or cloud vendors might be. 

These providers typically have the bandwidth to withstand DDoS attacks. They also take measures to protect themselves. But if they don’t have enough protection, they can be overwhelmed. Speak with your ISP or cloud vendor to understand their security measures and the steps they take to protect their clients.

Threat agents don’t need to send massive attacks. They can also send pointed attacks that attempt to exploit specific vulnerabilities. While the DDoS map focuses on distributed attacks, Fortinet’s Threat Map displays real-time threats focused on specific vulnerabilities (like those found in the National Vulnerability Database).

The bottom of this map shows the exact type of vulnerability that threat actors are exploiting with each attack. So, if you know what vulnerabilities you have, and you see threat agents targeting the same vulnerabilities at other organizations, you can try to patch or remediate the vulnerability so you aren’t exposed.

By this point, you may be wondering, “But how do bad actors find my vulnerabilities?” 

Shodan is a search engine that works a lot like Google. It finds everything that's connected to the public internet (not private networks). This might include cell phones, web servers, refrigerators, power plants, smart watches, and more.

When Shodan requests a connection with these devices, it may also receive data like IP addresses, locations, software versions, and even default logins and passwords. 

Attackers can use this information to find vulnerable devices and try to gain access. But the flip side is also true: You can use tools like Shodan to find potential security issues and vulnerable systems exposed to the internet before the attackers do. Then you can secure them.

“This is a legitimate tool that people use both for good and for bad,” Terumi says.

So far, we’ve covered cybersecurity tools that help you find and identify vulnerable resources. But how do threat actors actually attack?

ATT&CK provides a knowledge base of attackers’ tactics and techniques, giving you insight into their processes with real-world examples. When you understand how threat actors work, you can stay one step ahead. 

“You can actually put these [attacker] techniques into something like an intrusion detection system,” Terumi shares. Using rules created from these techniques, you can create alerts to spot, and prevent, similar cyber attacks in your own network. 

ATT&CK also lets you search for techniques surrounding particular concerns, like ransomware, if you’re looking to bolster a specific part of your cyber defenses.

The vulnerability and threat perspectives help you identify potential cybersecurity risks. The priorities approach takes it one step further. This involves looking at the threat landscape and asking yourself, What applies to my organization and my environment?

“You have thousands and thousands of vulnerabilities, and yet most of those things are probably of no relevance to you,” says Terumi. 

Threat management software like Amazon GuardDuty is more of a service than a cybersecurity tool, but it examines the threat landscape and your own environment. If it sees any bad behaviors in the outside world present in your environment, it will highlight them for you. 

“It’s not going to stop it,” Terumi explains. “But it will tell you, ‘Hey, maybe you should be careful here because we see something happening in your environment that you should pay attention to.’”

Each cybersecurity tool works well on its own, but they work even better together. If you take advantage of all of them, you get a clearer picture of your organization’s cybersecurity and how you can strengthen your defenses.

Terumi Laskowsky, Founder and Director, Pathfinders Japan Ltd.

Terumi is an IT security consultant whose firm serves global companies and defense-related organizations in the U.S. and Japan. Her expertise includes cloud security, application security, ethical hacking, and certifications (CISSP, CCSP, CEH, and more). A gifted teacher, she also delivers instructor-led training for Pluralsight in IT security technologies.