Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Enough defense: Is it time for an IT security offensive?

George V. Hulme | Jan. 19, 2012
Frustrated with the seemingly impossible task of protecting their networks, more security pros are ready to take the fight to the attackers.

With attacks on data and IT infrastructure on the rise -- along with the costs and potential business impact of attacks -- security professionals are starting to express a sense of futility in their work.

This is especially so following the past couple of years, which have included high-profile and successful attacks on companies that would be expected to have the wherewithal to protect their infrastructure, including RSA Security, Google, NASDAQ Directors Desk, Symantec, and many others.

"There's a sense that no matter what you do, what steps are taken, if someone wants to hack your systems, your data, they can," says the security analysts at a midwest manufacturer. "It's becoming insanely frustrating."

The U.S. -- in what some have argued is a move that both shows the importance of the IT infrastructure and the futility of traditional electronic defenses -- last year stated that the government would use military force in retaliation against certain cyber attacks.

"Frustration in the industry has certainly been growing, so much that more on the defensive side have been wondering what could be done to more proactively combat attackers," the analyst says.

Some of the ideas discussed include gathering intelligence about the attackers to share with other enterprises or hand over to law enforcement, establishing honeypots to capture more data about attackers, and even retaliating on specific systems used in attacks.

As we reported last week, Japanese defense engineers, for example, announced that they've developed a digital virus that can track down, identify, and disable attacking systems. Development of the virus began three years ago, and has only been tested on a closed network so far.

Going on the IT offensive, or at least being more proactive in one's defense, isn't a new concept. In 2003, security researcher Tom Liston started work on software he'd hoped would bring more balance to the fight against worms: LaBrea. LaBrea essentially trapped hackers and worms, and forced hackers to break off attacks, while preventing worms from moving on to other computers.

Unfortunately, Liston pulled LaBrea based on concerns about being prosecuted for disseminating a tool that disrupted network communications.

Just as Liston discovered nearly a decade ago, experts today warn that going on the IT security offensive isn't easy or straightforward. "The first and obvious challenge is accurately attributing attacks with the actual attackers," says Scott Crawford, managing research director, Enterprise Management Associates. "It can be difficult to understand where an attack is coming from when you have physical access to analyze the machine. It's much more difficult when the system attacking you is remote."

Crawford adds that the U.S. government is having a hard enough time solving the challenges of attack attribution considering the many ways the origins of attacks can be hidden -- such as through spoofed IP addresses, proxies, and other well-known attack obfuscation techniques -- that it would be next to impossible for enterprises to have much certainty into actual attack origins.


1  2  Next Page 

Sign up for Computerworld eNewsletters.