That new reality, which has been building for several years starting in the military sector, has shifted the focus from trying to stop attackers at the door to instead trying to lessen the impact of an inevitable hack. The aim is to try to detect an attack as early in its life cycle as possible and to quickly put a stop to any damage, such as extricating the attacker from your data server--or merely stopping him from exfiltrating sensitive information.
It's more about containment now, security experts say. Relying solely on perimeter defenses is now passe--and naively dangerous. "Organizations that are only now coming to the realization that their network perimeters have been compromised are late to the game. Malware ceased being obvious and destructive years ago," says Dave Piscitello, senior security technologist for ICANN. "The criminal application of collected/exfiltrated data is now such an enormous problem that it's impossible to avoid."
Attacks have become more sophisticated, and social engineering is a powerful, nearly sure-thing tool for attackers to schmooze their way into even the most security-conscious companies. "Security traditionally has been a preventative game, trying to prevent things from happening. What's been going on is people realizing you cannot do 100 percent prevention anymore," says Chenxi Wang, vice president and principal analyst for security and risk at Forrester Research. "So we figured out what we're going to do is limit the damage when prevention fails."
There are certain types of attackers you cannot prevent from getting in if they are determined to do so, says Richard Bejtlich, chief security officer at Mandiant Security. "They will get into your company, but that doesn't mean you should give up," he says.
For organizations like the military that are constantly under siege by cyberattackers, this is nothing new. "Twenty years ago, we thought we could keep these guys out," Bejtlich says. But the Air Force was the first to realize that was not the case after it began instrumenting its networks with custom sensors to detect the attackers, he says. The Air Force quickly realized it wasn't so much a matter of keeping them out, but finding them as quickly as possible and extricating them, he says.
Most external hacks of databases occur because of flaws in Web applications that link to those databases. In this report, Protecting Databases From Web Applications, we'll discuss how security teams, database administrators, and application developers can work together to improve the defenses of both front-end Web applications and back-end databases to prevent these attacks from succeeding. (Free registration required.)