'Security Has Turned to a High-Stakes Battleground Now '

You may not be able to completely lock down your network, but with a vigilant approach and the right systems and services in place, you can defend it.

In today’s era, with the unfathomable speed at which technology is advancing, it doesn’t take time for a present-day misconception to turn into a stark reality tomorrow. Until recently, many organizations presumed that they could soar ‘safely’ under the radar of targeted attacks. Naïve as it may sound today, but they believed that, Advance Persistent Threats were mostly a cause for worry only for the government agencies, financial service organizations, and large energy and utilities companies. Corporates felt secure keeping information assets safely behind a firewall, ‘safe’ within the physical boundaries of the data center and, the corporate brand was never considered to be much of a target for would-be attackers. Companies mostly focused on how to grow the business and protecting data was a simple, reactive process, until now! Ambiguous concern to a high-stakes battleground Social networking, cloud computing, mobile devices and the ubiquity of information have shifted information technology (IT) paradigms and opened new possibilities of attack. The business world has reached a state of cyber siege, with data breaches dominating headlines. Companies are now fraught to protect critical information assets as their networks are being hit by a constant bombardment of attacks. Security has turned from an ambiguous concern to a high-stakes battleground now. As the number of data breaches continue to rise, targeted attacks and advanced persistent threats are threatening to challenge the ability of businesses to compete. Advanced persistent threats work by learning and then misusing network security exposures. It then uses that recognized vulnerability as a launching point for further intrusion into a network. Simply put, it uses multiple methods that appear fragmented to garner a position into what administrators think is a secure system. While it uses most of the same methods as the traditional attacks, they differ from common botnets and malware because they target planned users to gain hidden access to key assets. It can do misleading damage long before an organization knows that it has been compromised. Just like the stealth aircraft evades the radar, persistent threat slip by invasion detection. They are directed attacks intended to dodge conventional detection. Once inside and hidden as genuine traffic, they can establish secret, long-term residency to drain off your valuable data with license. They signify a major shift compared to the high-profile hacking events of yesteryears that commonly targeted networks. Concentrating on the weakest links of your defense chain, it targets particular system susceptibilities and, more importantly, specific people. While the victimized organizations differ in size, type, and industry, the individuals they target typically fits the same profile: people with the highest-level access to the most valuable assets and resources. What next? To defy advanced persistent threats, organizations need to move from a perimeter-based approach to an inclusive approach that focuses on multiple layers of defense, analytics and incident response. Key components of the threat defense strategy comprise of a clear understanding of what you need to protect, data classification, security posture evaluation, improved detection capabilities, security awareness and training and proactive incident response plans. Defending against them isn't so much a technology problem, but more of a strategic issue, where the procedures of layering defenses prove to be sensible to stop them from penetrating and dispersing through an enterprise network. Simply put, advanced persistent threat may only require a single vulnerability to penetrate the enterprise, however much of the damage can be prevented post the infiltration if the activity is detected and stopped. Some of the following steps can prevent damage by addressing certain security elements:

  • Defending endpoints from malware is a critical element for preventing attacks. However, with the exponential surge in virus signatures, as well as, the evolution of self-modifying viruses, traditional anti-virus solutions may not be able to keep up with the demands of protection. That is why it is critical to use multi-layered, threat-based protection, which includes traditional full-and partial-signature matching, as well as the ability to recognize, block, and remove known malware and variations. In addition the anti-virus system should include advanced behavioral analysis, exploit detection and sandboxing. This helps to recognize, block, and remove hidden and unknown malware.
  • Software vulnerabilities continue to grow and new weaknesses are discovered on a daily basis, making it difficult for even the most proactive network manager to keep security cover in order. Here, automation has become a must, especially as systems grow in complication and become more scattered. Keeping up with known vulnerabilities requires repeated and alert patching.
  • Any device used in the enterprise can become the origin of the advanced persistent threat reaping success. Those devices can range from removable media to smartphones to handy computing products. Simply put, if the device can connect to the enterprise, it can become a carrier of data theft or infection. To battle the threats associated with devices, control must be established, which usually comes in the form of a data leakage prevention system, where access is controlled and all information is encrypted.
  • With the growth in web based applications, cloud services and social networking, it has become very easy for users to launch external applications, download information, launch scripts or install applications - any of which could possibly contain malware and bring the threat beyond the corporate firewall. Installing a web sifting system that supports application white (and black) listing can go a long way towards preventing users from retrieving sites that may host applications or scripts that can spread malware or launch attacks.
Organization can reach a tolerable level of risk if we upgrade our philosophy around securing data assets, and work from the belief that we are already compromised. Being ready to respond aggressively to an attack will go a long way, while mobilizing yourself with the right gears is critical—if botnets are the heavy weaponry of cyber-crime, tools such as advanced threat protection, security analytics and application whitelisting are the responsive shields. You may not be able to completely lock down your network, but with a vigilant approach and the right systems and services in place, you can defend it. Iyer is the BUE, IBM Security

Tags assigned to this article:
Advanced persistent threats ibm security


Around The World