Attack Timeline
A high level look at ways attackers can gain access to your environment
Environmental Awareness
You should always know what risky software, hardware, vulnerabilities, open holes to the internet, and other risks are in your environment. Strong, consistent diligence will create a more secure environment, reduce risk, and make it more difficult for bad actors to monetize an attack.
Reconnaissance & Probing
Over a time period of anywhere from hours to months, bad actors are checking your defenses. Fortis offers Adaptive Threat Response™, which uses machine learning (ML) and correlations to block the adversary immediately and stop potential threats.
Delivery & Attack
Within hours, bad actors have identified your weaknesses. They devise ways to trick trusting users with a well-constructed phishing attack that leverages information from their reconnaissance. This often includes spoofed emails with attachments or links to websites that look legitimate but are designed to deploy malware and/or collect user login credentials.
Exploit & Installation
Minutes after a user has inadvertently installed malware or entered their email and password on a fake site, bad actors use that information to access the internal network and systems. Unfortunately most organizations do not use multi-factor authentication, which helps prevent these types of exploits.
System Compromise
Your system has officially been compromised. Bad actors then work on escalating privileged access, moving laterally within your organization with the goal of obtaining administrative access in order to delete your system snapshots and backups.
Breach
Bad actors may copy your data and/or hold it hostage via ransomware. You can no longer conduct business as your systems and data have been encrypted. Critical customer, employee, and personal information may be permanently lost or sold on the dark web. Many organizations do not survive a breach.
1
Environmental Awareness
Environmental Awareness
2
Reconnaissance & Probing
Reconnaissance & Probing
3
Delivery & Attack
Delivery & Attack
4
Exploit & Installation
Exploit & Installation
5
System Compromise
System Compromise
6
Breach
Breach