
Partner Perspectives  Connecting marketers to our tech communities.
2/17/2015
11:45 AM
Michael Sentonas

Cyberespionage: You're Not Paranoid, Someone Is Spying on Your Company

It's time for all of your counter-espionage tools to work together.

By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for intellectual property to steal, product or inventory details to strengthen their negotiating position, customer information to use or sell, or hundreds of other items. Their goal could be getting a better price, gaining a competitive advantage, disrupting your efforts, stealing your customers, or something equally nefarious.

People have been watching your company from the outside for a long time. They may have even tried to get inside to sneak a peek at your secrets, posing as a customer, employee, or potential investor. And you were probably doing similar things to try to get inside the heads of your competitors, suppliers, or customers – all legally, of course.

The difference is that now there are more people, with access to more technology, trying to get inside. The worst part is that they will not necessarily be brazen about it, either. They may not shout from the rooftops about what they have stolen, or post the data on a darknet website. They may keep it to themselves and use the information carefully so that you remain unaware, much as the Allies used Enigma decrypts in World War II, so you will not even know that you have been compromised.

In this new corporate cyberespionage environment, security vendors will often say “The old way has failed again; buy our gadget instead and it will protect you.” Unfortunately, this is just as risky as relying on any one sports play. Good defense is flexible, adaptable, and responds to the situation on the field. Most important, good defense relies heavily on communications among team members. Combining star players from several different teams rarely results in a superior defense, until they have learned to play together.

Similarly, no one style of defensive player is going to work for all plays, and no single security product is going to solve all of your security issues. You will need a broad mix of devices and services, but it should not be your responsibility to integrate them all. Look for end-to-end or standards-based solutions that have a proven ability to play well together.

Some espionage targets are obvious, while others can be quite obscure. You cannot know for sure what your adversaries are after, and you cannot lock down everything. You need to ask and honestly answer the questions about where you are vulnerable and what data could be used against you; not just core intellectual property, but information such as delivery schedules, contracts, inventory levels, product plans, and pricing analysis, just to list a few.

Using terminology from the spy world, your analysts will need to combine signals intelligence, human intelligence, open-source intelligence, and surveillance from your full complement of security agents. If those agents are not speaking the same language and using the same communication channel, there is an added risk of misunderstanding or miscommunication among systems.

You need your whole environment to share and understand threat intelligence, anomalous behavior, and suspicious files. Then you can detect the small percentage of alerts that could indicate cyberespionage, and your analytics team can combine forces and apply the context to evaluate these clues and act appropriately.

Combating cyberespionage isn’t about buying the latest silver bullet. It’s about building a collaborative team of cyber specialists with balanced and reinforcing skills: some network, some endpoint, some big data, some systems. Harnessed together, that’s an effective weapon in modern cyberwarfare.

Michael Sentonas is the Chief Technology and Strategy Officer, APAC for Intel Security. Michael has been with the company for fifteen years, previously holding leadership roles such as VP and Chief Technology Officer of Security Connected, VP and CTO for Asia Pacific and, ...