Breaking the Cyber Kill Chain Takes a Global Disruption Network


Today’s adversaries are more sophisticated, specialized and connected than ever. The rapid adoption of digital platforms and the expansion of the criminal underground on the dark web have provided threat actors with new means of planning and executing cyber attacks. The rise in double extortion ransomware is one example of this increased sophistication of tried-and-true techniques. As these tactics evolve and attackers become more specialized, traditional blocking, deleting and takedown techniques have become insufficient. The scale and sophistication of the modern digital cyber kill chain require a new holistic approach that focuses on infrastructure dismantlement and covers all digital platforms that attackers may leverage. It was from this challenge that ZeroFox’s disruption capabilities were born.

What Makes Disruption Different from Takedowns?

For a long time in the cybersecurity industry, we’ve been talking about takedowns. From the removal of impersonating accounts on social media to blocking malicious phishing emails, takedowns are an effective means of addressing an individual threat. But in today’s ever-connected digital world, no threat exists in a vacuum. By solely focusing on the individual post, account or site, we fail to consider the broader context behind that malicious activity.

Disruption, on the other hand, seeks out that context. It answers the questions “what else is this post/account/site tied to?” and, most importantly, “what other related threats are out there?” The modern cyber kill chain is made up of a series of individual malicious actions, requiring multiple takedown requests. Pivoting to a disruption strategy allows a security team to address the entire kill chain, not just the individual steps. A concrete example of this: a malicious domain discovered by the ZeroFox Platform triggered 70+ disruption actions, including deploying to hosts, registrars and a global network of disruption partners. Traditional takedown providers would stop at a single action.

Creating a Global Disruption Network for Good 

As cybercriminals begin to rely more and more on a criminal underground network, specializing in niche elements of the cyber kill chain, security teams must develop their own network of disrupters and good guys to fight back. This is exactly what ZeroFox is working to achieve. ZeroFox works directly in partnership with hosts, registrars, social networks, digital platforms and other technology providers to effectively disrupt adversaries together. Download our free infographic, “Disrupting the Digital Cyber Kill Chain,” to understand how to build a comprehensive protection, intelligence and disruption solution at every stage of the modern cyber kill chain.

ZeroFox and Mandiant: Disrupting the Cyber Kill Chain Together

As part of that global disruption network, we are proud to be partnering with Mandiant to provide global adversary disruption and malicious content takedown capabilities to Mandiant customers. This partnership represents a concerted effort to fight back against cybercriminals and sophisticated networks together. Specifically, ZeroFox’s disruption capabilities will be available within the Mandiant Advantage platform for subscribers of the Mandiant Advantage Digital Threat Monitoring service to review security incidents on the Mandiant Advantage dashboard and immediately initiate action by the ZeroFox global disruption team to tackle domain and social media-based attacks.

The partnership will extend ZeroFox’s best-in-class social media and domain disruption services to Mandiant customers, including:

  • Threat actor disruption: removing malicious websites and content via advanced web domain takedown services
  • Brand protection: blocking malicious URLs and making them inaccessible to employees and customers
  • Remediation of malicious social media accounts and content: stopping brand and executive impersonations and targeted phishing, ransomware and scams on customers 

Disrupting the cyber kill chain takes a network. We’re proud to partner with Mandiant towards the goal of disrupting adversaries and helping customers fight back together.
