Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
2/17/2015
11:45 AM
Michael Sentonas
Michael Sentonas
Partner Perspectives
50%
50%

Cyberespionage: Youre Not Paranoid, Someone Is Spying on Your Company

It's time for all of your counter-espionage tools to work together.

By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for intellectual property to steal, product or inventory details to strengthen their negotiating position, customer information to use or sell, or hundreds of other items. Their goal could be getting a better price, gaining a competitive advantage, disrupting your efforts, stealing your customers, or something equally as nefarious.

People have been watching your company from the outside for a long time. They may have even tried to get inside to sneak a peek at your secrets, posing as a customer, employee, or potential investor. And you were probably doing similar things to try to get inside the heads of your competitors, suppliers, or customers – all legally, of course.

The difference is that now there are more people, with access to more technology, trying to get inside. The worst part is that they will not necessarily be brazen about it, either. They may not go screaming from the rooftops about what they have stolen, or post the data on a darknet website. They may keep it to themselves and use the information carefully to keep you unaware, like the Enigma decoders in World War II, so you will not even know that you have been compromised.

In this new corporate cyberespionage environment, security vendors will often say “The old way has failed again; buy our gadget instead and it will protect you.” Unfortunately, this is just as risky as relying on any one sports play. Good defense is flexible, adaptable, and responds to the situation on the field. Most important, good defense relies heavily on communications among team members. Combining star players from several different teams rarely results in a superior defense, until they have learned to play together.

Similarly, no one style of defensive player is going to work for all plays, and no single security product is going to solve all of your security issues. You will need a broad mix of devices and services, but it should not be your responsibility to integrate them all. Look for end-to-end or standards-based solutions that have a proven ability to play well together.

Some espionage targets are obvious, while others can be quite obscure. You cannot know for sure what your adversaries are after, and you cannot lock down everything. You need to ask and honestly answer the questions about where you are vulnerable and what data could be used against you; not just core intellectual property, but information such as delivery schedules, contracts, inventory levels, product plans, and pricing analysis, just to list a few.

Using terminology from the spy world, your analysts will need to combine signals intelligence, human intelligence, open-source intelligence, and surveillance from your full complement of security agents. If they are not speaking the same language and using the same communication channel, there is an added risk of misunderstanding or miscommunication among systems.

You need your whole environment to share and understand threat intelligence, anomalous behavior, and suspicious files. Then you can detect the small percentage of alerts that could indicate cyberespionage, and your analytics team can combine forces and apply the context to evaluate these clues and act appropriately.

Combatting cyberespionage isn’t about hiring the latest silver bullet. It’s about building a collaborative team of special cyberexperts, a team with balanced and reinforcing skills; some network, some endpoint, some big data, some system. Harnessed together, that’s an effective weapon in modern cyberwarfare.

Michael Sentonas is the Chief Technology and Strategy Officer, APAC for Intel Security. Michael has been with the company for fifteen years, previously holding leadership roles such as VP and Chief Technology Officer of Security Connected, VP and CTO for Asia Pacific and, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29446
PUBLISHED: 2021-04-16
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29451
PUBLISHED: 2021-04-16
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.