High-profile attacks highlight need for defenses against targeted threats
Attacks against RSA, Lockheed Martin, Oak Ridge show focus needed on network monitoring, outbound filtering, whitelisting
Computerworld - The recent spate of successful cyberattacks against high-profile organizations has focused fresh attention on the need for enterprises to implement new defenses against targeted threats.
Last week, the International Monetary Fund joined the list when it admitted to a similar intrusion. An anonymous IMF source quoted in a story in The New York Times described the incident as a "very major breach" that likely resulted from so-called spear phishing.
All of the recent incidents have appear to be very targeted and persistent attacks carried out by adversaries using a combination of social engineering techniques and sophisticated malware programs.
Dealing with such threats requires companies to look beyond security strategies that are focused purely on dealing with traditional network threats, analysts say. Increasingly, companies also need to focus on approaches such as continuous monitoring of networks, databases, applications and users; outbound traffic filtering; and whitelisting.
"Time and again, as details of these attacks are made clear, we find that attackers are not behaving like stereotypical burglars -- smashing a window, grabbing what they want, then walking off with a big bag marked 'swag' while the alarms ring," said Mike Lloyd, chief scientist at RedSeal Systems.
Gartner analyst John Pescatore said that instead, "a common thread through many damaging incidents is targeted executables getting installed on critical servers or high-value employee PCs."
The goal behind many of these attacks is to surreptitiously establish a persistent point of presence inside a network and use that to snoop on an organization and steal information.
One way of dealing with such threats is to constantly monitor for configuration changes on important assets, Pescatore said. Network forensics and database activity monitoring products such as those from FireEye and Damballa are useful in detecting and blocking targeted threats which conventional signature-based tools let through, he said.
Moving to application-aware firewalls that can limit unknown application traffic over Port 80 is another step forward in protection, Pescatore said.
The key thing to remember, though, is that monitoring alone is not a panacea, he added. "For most of these incidents, monitoring the right things is more important than how often you check. And protecting the right things is even more important than monitoring," Pescatore said.
Continuous network monitoring using intrusion detection systems alone is "useless" against targeted attacks, said Richard Stiennon, an analyst at IT-Harvest. "Attackers may still engage in old-fashioned network scanning and attempts to exploit vulnerabilities, but most of the successful attacks recently have involved custom Trojans delivered by socially enriched emails," he said.
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Top tips for securing big data environments - Why big data doesn't have to mean big security challenges Organizations don't have to feel overwhelmed when it comes to securing big data environments. The same security fundamentals for securing databases, data warehouses...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Three guiding principles for data security and compliance Data security is a moving target-as data grows, more sophisticated threats emerge; the number of regulations increase; and changing economic times make it...
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva.
- How SIEM Addresses the Challenges of Big Security Data This webcast will help you understand today's big data security challenges and how intelligent and scalable SIEM solutions give IT the tools and... All Data Security White Papers | Webcasts