Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Guest View: Want to strengthen defences? Think like an attacker

Amitpal Singh Dhillon, Field Product Marketing Manager, Sourcefire | May 20, 2013
In a world in which attackers seem to be gaining an advantage, defenders need to fight fire with fire.

The recent hike in the number and severity of cyber attacks around the world demonstrate that we are  squarely in an era referred to as the "industrialisation of hacking" which has created a faster, more effective and more efficient sector profiting from attacks to our IT infrastructure. Driven by the desire for economic or political gain or attention to their cause, hackers are executing more sophisticated and damaging attacks that at the same time are becoming easier to launch with widely available tools.

According to the 'Efficacy of Emerging Network Security Technologies study' from Ponemon Institute, organisations in Asia Pacific are witnessing a growing number of sophisticated cyber attacks and a changing threat landscape. Furthermore, 47 percent of organisations agreed that emerging network security technologies are not effective in minimising attacks that aim to bring down Web applications or block unwarranted Internet traffic.

Despite the rise of external attacks that call for more comprehensive and holistic security technology investments, the study shows that 55 percent of the companies surveyed still continue to focus on the inside-out threat. These challenges are forcing companies to rethink their security defence strategies.

No technology is 100 percent effective in blocking today's sophisticated attacks at a single point-in-time. Outbreaks will happen and organisations need solutions that span the full attack continuum - before, during and after an attack. 

Even the most security diligent organisations are realising that breaches are no longer an 'if' but a 'when.' Detection and blocking technologies only address part of the problem at a specific point in time and lack the decisive insight to find, analyse and remediate compromised systems on an ongoing basis.

To understand today's array of threats and effectively defend against them, organisations need to start thinking like attackers. The task of going beyond point-in-time detection to confirm an infection, trace its path, analyse its behaviour, remediate its targets and report on its impact is much needed. With a deeper understanding of the methodical approach that attackers use to execute their mission, as demonstrated by the "attack chain," IT professionals within organisations can identify ways to strengthen defences. The attack chain, a simplified version of the "cyber kill chain," describes the events that lead to and through the phases of an attack.

Cyber kill chain

Survey. Attackers first enter a company's infrastructure and deploy surveillance malware to look at the full picture of its environment, regardless of where it exists - network, endpoint, mobile and virtual, to understand what attack vectors are available, what security tools are deployed and what accounts they may be able to capture and use for elevated permissions. This malware uses common channels to communicate and goes unnoticed as it conducts reconnaissance.


1  2  3  Next Page 

Sign up for Computerworld eNewsletters.