THE IT SECURITY PROFESSIONAL | Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
Scanning won’t cut it anymore

When it comes to IT security, an organization wants to make sure that it is doing everything right. Whether it is scanning for vulnerabilities or looking for malware on the network, a company will spend time, effort, and money to make sure that it is protecting its business properly. As IT Security Professionals, it is our responsibility to make sure that those resources are used effectively. Are you using applications or systems that are actually helping you? How do you know?

Network Monitoring

Network monitoring and vulnerability management are areas that many IT Security Professionals focus their time and energy on these days, especially with all of the compliance requirements that have been mandated by the government. This has led to a sense of security when it comes to using network monitoring applications or systems, as we rely on them to automate the processes that we were doing by hand just a few years ago. It is important to remember that these systems need a human in the middle to interpret the information and then to take action on the areas that have been highlighted.

Making the Case

Making the case for going after advanced persistent threats (APTs) should be a no-brainer. Nevertheless, the truth is that not every threat is going to make itself known to the scanning application (or to multiple applications, for that matter), which may give a false sense of security. This in turn can cause those responsible for network maintenance to distrust the results. The goal for all IT Security Professionals is twofold: to educate others in the organization about the importance of vulnerability scanning, and to make sure action is taken when a threat or vulnerability is found. While APTs do pose a threat to the network, they are a hidden threat that stays under the radar until they actually do something to the company.
By then, it is too late, and the potential for information loss is significantly greater.

Behavior is NOT a Signature

A lot of network monitoring software relies on a signature of the potential malware or threat in order to detect it. Looking at system behavior and network traffic is a better way to track down those systems that may be compromised. Heuristics look at the whole picture and can connect events that do not appear related on their own but make perfect sense when viewed together. The benefit of heuristics is that software changes at a rapid pace, but behaviors don’t. Some network monitoring applications require a signature before they can detect a malware application at all; in the window between a new version of the detection application being prepared and sent out to customers, a heuristic application may already have caught the malware because of its behavior. Malware will use any means necessary to hide or go undetected.

Attack Approach

Most APTs use a multiphase attack methodology. Regardless of how they entered the network, these are the phases that may be followed, depending on the organizational structure of the group(s) conducting the attack against your network:
Key Indicators of APT Attack
While APTs have been known to evade detection by most anti-virus scanning applications, there are some signs to watch for if you suspect that your network may be compromised by an APT:
Mitigation Strategy

While detection of APTs may be difficult, there are mitigation steps that every organization can take in order to lessen the potential risk of an attack. The steps are listed below:
Gaining Control

Once an APT has been identified, all affected systems should be brought offline and their network access disabled. This isolates the systems on the network and lessens the damage that an ongoing compromise may cause. While this will stem the loss of data, it is not meant as a fix: these steps only remove the immediate threat, and recovery steps will still need to be taken once the threat has been identified and isolated.

Summary

APTs continue to plague organizations as they struggle with securing their data. This can lead to data loss and an impact to the business in ways that may not be realized for years to come. No matter what type of business you are in, the potential is there for APTs to cause havoc on your network. Because detecting and protecting against APTs is complex, businesses need to be proactive in their approach to these threats, and all members of the support teams and groups need to understand the need to act swiftly once a threat has been identified or suspected. The applications and systems best suited to these circumstances are those that use signature-based detection in conjunction with heuristics and behavior analysis. It is not just the signature that will catch the threat; what is actually going on behind the scenes, in the places you are not looking, is what will help identify what is really happening on your network.
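The "Behavior is NOT a Signature" section and the Summary both argue that a signature check and a behavioral heuristic should run side by side, because a recompiled sample with a new hash slips past the signature while its behavior stays the same. The following Python script is an added illustration of that point and is not code from the original post or from Barlowtek. Every event, host name, hash and address in it is constructed for the example (the hashes are placeholders, not real indicators, and the IP addresses are from documentation ranges), and the two heuristics it implements, an office application spawning a script host and fixed-interval outbound connections (beaconing), are assumptions chosen for illustration rather than rules the post itself lists.

```python
"""Signature matching versus behavioral heuristics over constructed endpoint events.

Added example: the rules and data below are illustrative assumptions, not the
post's own detection logic. Host ws-01 runs a sample whose hash is on the
blocklist; ws-02 runs a recompiled variant (new hash, same behavior); ws-03 is
a benign browser session used as a control.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Event:
    ts: int        # seconds since the start of the constructed capture
    host: str      # endpoint that produced the event
    process: str   # image name of the process
    sha256: str    # hash of the image (constructed placeholder, not a real IoC)
    parent: str    # image name of the parent process
    dest: str      # remote address contacted, "" for a process-start event

# Constructed blocklist: one placeholder hash standing in for a known sample.
KNOWN_BAD_HASHES = {"aaaa1111" * 8}
# Parent/child pairing used by the "office app spawns a script host" heuristic.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

BAD = "aaaa1111" * 8       # known sample (ws-01)
VARIANT = "bbbb2222" * 8   # recompiled variant, unknown to the blocklist (ws-02)
CHROME = "cccc3333" * 8    # benign browser (ws-03)

# Constructed sample events (documentation IP ranges, no real infrastructure).
EVENTS: List[Event] = [
    Event(0,   "ws-01", "powershell.exe", BAD,     "winword.exe",  ""),
    Event(60,  "ws-01", "powershell.exe", BAD,     "winword.exe",  "203.0.113.10"),
    Event(120, "ws-01", "powershell.exe", BAD,     "winword.exe",  "203.0.113.10"),
    Event(180, "ws-01", "powershell.exe", BAD,     "winword.exe",  "203.0.113.10"),
    Event(240, "ws-01", "powershell.exe", BAD,     "winword.exe",  "203.0.113.10"),
    Event(10,  "ws-02", "powershell.exe", VARIANT, "winword.exe",  ""),
    Event(70,  "ws-02", "powershell.exe", VARIANT, "winword.exe",  "203.0.113.10"),
    Event(131, "ws-02", "powershell.exe", VARIANT, "winword.exe",  "203.0.113.10"),
    Event(190, "ws-02", "powershell.exe", VARIANT, "winword.exe",  "203.0.113.10"),
    Event(250, "ws-02", "powershell.exe", VARIANT, "winword.exe",  "203.0.113.10"),
    Event(5,   "ws-03", "chrome.exe",     CHROME,  "explorer.exe", "198.51.100.5"),
    Event(40,  "ws-03", "chrome.exe",     CHROME,  "explorer.exe", "198.51.100.5"),
    Event(300, "ws-03", "chrome.exe",     CHROME,  "explorer.exe", "198.51.100.5"),
    Event(310, "ws-03", "chrome.exe",     CHROME,  "explorer.exe", "198.51.100.5"),
]

def signature_hits(events: List[Event]) -> List[str]:
    """Hosts where an image hash matches the blocklist (signature detection)."""
    return sorted({e.host for e in events if e.sha256 in KNOWN_BAD_HASHES})

def office_spawn_hits(events: List[Event]) -> List[str]:
    """Hosts where an office application started a script host (behavior)."""
    return sorted({e.host for e in events
                   if e.parent.lower() in OFFICE_APPS
                   and e.process.lower() in SCRIPT_HOSTS})

def beacon_hits(events: List[Event], min_conns: int = 4,
                max_jitter: float = 0.2) -> List[str]:
    """Hosts with near-constant intervals between connections to one destination.

    jitter = (longest gap - shortest gap) / mean gap; human browsing is bursty
    and scores high, a scheduled check-in scores close to zero.
    """
    conns: Dict[tuple, List[int]] = defaultdict(list)
    for e in events:
        if e.dest:
            conns[(e.host, e.dest)].append(e.ts)
    hits = set()
    for (host, _dest), times in conns.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and (max(gaps) - min(gaps)) / mean <= max_jitter:
            hits.add(host)
    return sorted(hits)

def behavior_hits(events: List[Event]) -> List[str]:
    """Union of the behavioral heuristics, independent of any hash."""
    return sorted(set(office_spawn_hits(events)) | set(beacon_hits(events)))

def report(events: List[Event]) -> Dict[str, List[str]]:
    """Map each flagged host to the names of the rules that fired on it."""
    findings: Dict[str, List[str]] = defaultdict(list)
    for rule, fn in (("signature", signature_hits),
                     ("office_spawns_script_host", office_spawn_hits),
                     ("beaconing", beacon_hits)):
        for host in fn(events):
            findings[host].append(rule)
    return dict(findings)

if __name__ == "__main__":
    for host, rules in sorted(report(EVENTS).items()):
        print(f"{host}: {', '.join(rules)}")
```

Run as written, the signature rule names only ws-01, while both behavioral rules name ws-01 and ws-02 and leave the benign ws-03 alone: the variant's new hash defeats the blocklist, but its parent process and its check-in cadence are unchanged. The jitter threshold and minimum connection count are the knobs a real deployment would tune against its own baseline traffic.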
About the author: Mr. Barlow, IT Security Pro. Securing the future one byte at a time, staying ahead of the curve in Information Security Leadership and ready to help your company stay safe and secure.
Archives: January 2023