Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks

Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.

Your network is under attack, but you don't care. That was the message from Immunity researcher Lurene Grenier, who on Sunday kicked off the Cisco Talos Threat Research Summit, in Orlando, Fla.

"You are either not aware of what's going on or aren't taking all this seriously," she said.  

At the heart of Grenier's view of attackers is a set of three tiers:

  • Tier 1: Nation-state actors
  • Tier 2: Organized crime
  • Tier 3: lolsec and reverse hacktivism

She told the audience that dealing with tier 3 involves the kind of activity they're used to — pen testing, updating, and then continuing to pen test and update.

Tier 2 becomes more complex because many of the organized crime groups are either working on behalf of nation-states or reusing nation-state code. To have a chance of defending against tier 2 threats, Grenier said, your organization must do two things, one expensive and one difficult.

The expensive task is finding and hiring good security people. From there, give them time to understand your network, she said. "They need to know your network better than the attackers, and that's a tall order," Grenier explained.

Then comes the hard task: "Give them the clout to change what needs to be changed, and give them the resources to make the changes," Grenier said, noting that both involves a cultural shift for many organizations.

But that's easy compared with the shift required for coping with tier 1 attackers. Grenier hammered home the point that every organization must be prepared to deal with these most advanced threat actors.

"How can I convince you to care about this? This isn't a responsibility thing anymore — they won't tell you when they've owned you," Grenier said. "It's just that your IP will end up in another country."

Defending against this kind of attacker requires investment; Grenier offered a metric for how much a company should be prepared to invest. "How much do you pay your lawyers? You should be paying your security team at least as much," she said.

Then she recommended draconian segmentation. Most corporate computers, she said, have no business being on the Internet and should only be connected to an internal network without an internet gateway. What about the employees who need to update social media and check March Madness scores? "Give your employees an iPad," Grenier recommended.

One of the reasons Grenier's warnings seem so dire is that she has seen the layers of attacks that threat actors have at their disposal. "There are unpatchable bugs in everything you own and use. Every nation-state has multiple zero days on everything you own — probably three deep," she said.

Those vulnerabilities and exploits extend to mobile devices. The iPhone, Grenier said, is probably the most secure mobile device widely sold, and yet "there are probably 10 full iPhone [exploit] chains at any given time. And that's the most secure calling platform."

The real risk isn't in an attacker devastating your infrastructure, Grenier said, but in a nation-state-sponsored competitor beating you economically.

"What could you do, as someone negotiating a contract, if you had perfect knowledge of your competitor's plans, information, and projections?" she asked. "That's the situation everyone finds themselves in when they deal with a state capitalist."

Related Content:

 

 

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for more information

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
6/13/2018 | 2:49:09 PM
Working in a real shop
I am honored to be working with a talented group of warfare professoinals at Fiserv - where we have a dedicated malware forensics and threat hunting group for the entire firm.  We are ACTIVE in finding incoming threats and monitoring over 11,000 systems for invasive anything, remediating and eliminating.  Almost unique in corporate America.  
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.