Inside IT Security's New Reality: Damage Containment
More security experts and vendors are espousing the view that bad guys will eventually sneak into your corporate network, even your big data. Can your IT team contain the damage once the hackers arrive?
Any Defense contractor--and now, a few security vendors--can tell you that even the best security technology and expertise can't stop a well-funded and determined attacker.
That new reality, which has been building for several years starting in the military sector, has shifted the focus from trying to stop attackers at the door to instead trying to lessen the impact of an inevitable hack. The aim is to try to detect an attack as early in its life cycle as possible and to quickly put a stop to any damage, such as extricating the attacker from your data server--or merely stopping him from exfiltrating sensitive information.
It's more about containment now, security experts say. Relying solely on perimeter defenses is now passe--and naively dangerous. "Organizations that are only now coming to the realization that their network perimeters have been compromised are late to the game. Malware ceased being obvious and destructive years ago," says Dave Piscitello, senior security technologist for ICANN. "The criminal application of collected/exfiltrated data is now such an enormous problem that it's impossible to avoid."
Attacks have become more sophisticated, and social engineering is a powerful, nearly sure-thing tool for attackers to schmooze their way into even the most security-conscious companies. "Security traditionally has been a preventative game, trying to prevent things from happening. What's been going on is people realizing you cannot do 100 percent prevention anymore," says Chenxi Wang, vice president and principal analyst for security and risk at Forrester Research. "So we figured out what we're going to do is limit the damage when prevention fails."
There are certain types of attackers you cannot prevent from getting in if they are determined to do so, says Richard Bejtlich, chief security officer at Mandiant Security. "They will get into your company, but that doesn't mean you should give up," he says.
For organizations like the military that are constantly under siege by cyberattackers, this is nothing new. "Twenty years ago, we thought we could keep these guys out," Bejtlich says. But the Air Force was the first to realize that was not the case after it began instrumenting its networks with custom sensors to detect the attackers, he says. The Air Force quickly realized it wasn't so much a matter of keeping them out, but finding them as quickly as possible and extricating them, he says.
Most external hacks of databases occur because of flaws in Web applications that link to those databases. In this report, Protecting Databases From Web Applications, we'll discuss how security teams, database administrators, and application developers can work together to improve the defenses of both front-end Web applications and back-end databases to prevent these attacks from succeeding. (Free registration required.)
Published: 2014-07-24 Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.
Published: 2014-07-24 OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.
Published: 2014-07-24 OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.