[BreachExchange] Building Security Layers – of Software

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 27 13:58:02 EST 2017


https://www.infosecurity-magazine.com/opinions/building-security-layers-of/

Global enterprises in 2016 experienced increasingly numerous, varied and
sophisticated security threats. When it comes to ICT – which is how most of
today’s organizations operate – the potential risks of attack are enormous.
Attacks on integrated mobile devices, apps and network hardware and
software can threaten not just data protection, financial stability and
company reputation – but even health and safety.

I’ve taken a look in more detail at some current attack types to be aware
of in 2017, the risks – and, most importantly, what can be done.

Ransomware

Ransomware has grown massively over the past year. Some forms of ransomware
systematically encrypt files on the system's hard drive, which then become
difficult or impossible to decrypt without paying for the decryption key –
while others simply lock the system and display messages harassing the
user into paying. This can lead to not just large financial losses but
massive clean-up operations.

Slow Drip DDoS Attacks

Not only are DNS attacks steadily increasing but there’s also a massive
rise in new threats such as ‘Slow Drip DDoS attacks’. This attack makes a
victim’s domains appear inaccessible through a flood of maliciously
crafted lookup requests for names that cannot be resolved – consuming
network, bandwidth and storage resources on the resolvers and
authoritative servers in the path. Not only can cyber-criminals gain access
to confidential data but they can also tie up network connections and cause
time-outs, resulting in loss of internet service and an increase in
customer complaints.
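The tell-tale signature of a slow-drip (random subdomain) flood is a zone receiving many queries for distinct, high-entropy labels that all resolve to NXDOMAIN, from many sources. The following is an added example, not code from the article or from any product it mentions, that scores resolver query logs per zone on exactly those features. The log format ("epoch client qname rcode"), the sample lines, and the thresholds are all constructed assumptions for illustration; the zone-splitting rule (last two labels) is a simplification that a real deployment would replace with the Public Suffix List.

```python
import math
from collections import defaultdict

# Constructed resolver query log (not real traffic). Format per line:
# "<epoch> <client_ip> <qname> <rcode>"
# example.com sees ordinary lookups; example.net is being slow-dripped
# with random labels from many (likely spoofed) sources.
SAMPLE_LOG = """\
1485528000 10.0.0.5 www.example.com NOERROR
1485528000 10.0.0.7 mail.example.com NOERROR
1485528001 10.0.0.5 www.example.com NOERROR
1485528001 198.51.100.4 k3j9x2q.example.net NXDOMAIN
1485528001 198.51.100.9 vq7m1ta.example.net NXDOMAIN
1485528002 10.0.0.9 api.example.com NOERROR
1485528002 198.51.100.12 z8n4hcb.example.net NXDOMAIN
1485528002 198.51.100.17 r2ylw9e.example.net NXDOMAIN
1485528003 10.0.0.11 wwww.example.com NXDOMAIN
1485528003 198.51.100.21 b6t0kxs.example.net NXDOMAIN
1485528003 198.51.100.33 m9qa3pd.example.net NXDOMAIN
1485528004 10.0.0.5 www.example.com NOERROR
1485528004 198.51.100.4 f1vs7jn.example.net NXDOMAIN
1485528004 198.51.100.40 h4cz8lt.example.net NXDOMAIN
1485528005 10.0.0.7 mail.example.com NOERROR
1485528005 198.51.100.52 w5gu2ob.example.net NXDOMAIN
1485528005 198.51.100.9 p0w8zzr1.example.net NXDOMAIN
1485528006 10.0.0.12 cdn.example.com NOERROR
1485528006 10.0.0.5 www.example.com NOERROR
"""


def parse_line(line):
    """Split one log line into (epoch, client, normalised qname, rcode)."""
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), rcode


def zone_of(qname):
    """Assumption: the zone is the last two labels. Use the Public Suffix
    List in production so that names under e.g. co.uk are split correctly."""
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label; random labels
    generated by attack tools score far higher than www, mail, api."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def zone_stats(lines):
    """Aggregate per-zone query count, NXDOMAIN count, distinct sub-labels,
    distinct clients and summed entropy of the leftmost label."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "labels": set(),
                                 "clients": set(), "entropy_sum": 0.0})
    for line in lines:
        if not line.strip():
            continue
        _, client, qname, rcode = parse_line(line)
        zone = zone_of(qname)
        sub = qname[: -len(zone) - 1] if qname != zone else ""
        s = stats[zone]
        s["queries"] += 1
        s["clients"].add(client)
        s["labels"].add(sub)
        s["entropy_sum"] += label_entropy(sub.split(".")[0])
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
    return stats


def flag_slow_drip(lines, min_queries=8, min_nx_ratio=0.8, min_mean_entropy=2.5):
    """Return {zone: summary} for zones whose traffic looks like a random
    subdomain flood: enough queries, nearly all NXDOMAIN, distinct labels
    that look machine-generated. Thresholds are illustrative assumptions."""
    flagged = {}
    for zone, s in zone_stats(lines).items():
        if s["queries"] < min_queries:
            continue
        nx_ratio = s["nxdomain"] / s["queries"]
        mean_entropy = s["entropy_sum"] / s["queries"]
        if (nx_ratio >= min_nx_ratio and mean_entropy >= min_mean_entropy
                and len(s["labels"]) >= min_queries):
            flagged[zone] = {"queries": s["queries"], "nx_ratio": round(nx_ratio, 2),
                             "unique_labels": len(s["labels"]),
                             "sources": len(s["clients"])}
    return flagged


if __name__ == "__main__":
    for zone, summary in flag_slow_drip(SAMPLE_LOG.splitlines()).items():
        print(f"slow-drip suspected against {zone}: {summary}")
```

Run over the sample, only example.net is reported; example.com, which has one typo lookup (wwww) among nine, stays under the NXDOMAIN ratio. The three features are deliberately combined because each alone misfires: a misconfigured client can generate many NXDOMAINs for one name, and a CDN can legitimately hand out high-entropy hostnames that do resolve. When the flag fires, the response that actually protects the authoritative side is rate limiting of NXDOMAIN responses per source and per zone at the resolver, not a blanket block of the zone.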

Malvertising

Malvertising is still a fairly new concept, but one that is highly
attractive to attackers because it can easily, quickly and silently spread
malware across a large number of legitimate websites – without any user
action and without directly compromising the sites. Malware-laden ads are
injected into high-profile and reputable websites – and then seen by
millions of users, even the most cautious. This could be the most deadly
attack of them all – and it’s growing rapidly.

What Can Be Done: a Multi-Layered Approach

These threats are quickly becoming household names, with security risks
plastered across social and media channels. A breach can no longer just be
swept under the carpet and disguised to consumers and clients, so what can
organizations do to protect themselves?

Simply implementing more firewalls just isn’t going to cut it today. As
threats have become more advanced, cunning and aggressive, security
technology has had to evolve to combat these issues. An aggressive,
multi-layered and proactive stance is required.

This isn’t to say that the basic levels of security aren’t still valuable,
but they just aren’t enough by themselves. Security today should be a
collaborative effort and what will be key is security software in layers,
which learns and adapts from the other layers.

However, even these solutions still require a classification to determine
if a threat is really friend or foe. This takes time (that enterprises can
ill afford), so what about the truly nasty stuff that aggressively attacks
networks quickly and ruthlessly? For this, security platforms need to take
a paranoid stance and start to look at pure network activity patterns,
baselining every user, server, switch and light bulb to learn what ‘normal’
is, and proactively monitoring for any traffic that stands out as abnormal.
Once threatening activity is detected, the source can be isolated from the
network and administrators can investigate whether the threat is genuine.

Taking this one step further, teaming these User Behavior Analytics (UBA)
systems with a software-defined networking solution will allow for the
system to move threats instantly to an isolated network location where some
productivity can continue without access to the rest of the network,
helping to lower the impact of false positives.
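The baseline-then-flag-then-isolate loop described in the two paragraphs above is concrete enough to show as code. The following is an added example, not the article's code nor any vendor's product: it learns, per source host, how many distinct destinations that host normally talks to in a five-minute interval, alerts when a later interval exceeds the baseline by a margin, and produces the list of hosts to move to a quarantine segment. The flow records are constructed inline (a workstation with a varying but small set of servers, and a "light bulb" that only ever talks to one controller until it starts sweeping the server subnet); the interval length, the three-sigma margin and the minimum-deviation floor are illustrative assumptions.

```python
import statistics
from collections import defaultdict

INTERVAL = 300  # seconds per bucket; assumption for the example


def make_sample_flows():
    """Constructed flow records as (epoch, src, dst) tuples: not real traffic.
    Five baseline intervals, then a sixth in which the bulb misbehaves."""
    flows = []
    base = 1485528000
    for i in range(5):
        t = base + i * INTERVAL
        # Workstation talks to 5, 6 or 7 internal servers per interval.
        for n in range(5 + (i % 3)):
            flows.append((t + n, "10.0.1.10", f"10.0.2.{n + 1}"))
        # Smart bulb only ever talks to its cloud controller.
        flows.append((t + 30, "10.0.5.20", "203.0.113.10"))
    t = base + 5 * INTERVAL
    for n in range(6):
        flows.append((t + n, "10.0.1.10", f"10.0.2.{n + 1}"))
    flows.append((t + 30, "10.0.5.20", "203.0.113.10"))
    # The bulb now sweeps twelve hosts on the server segment.
    for n in range(12):
        flows.append((t + 40 + n, "10.0.5.20", f"10.0.2.{n + 1}"))
    return flows


def distinct_dsts_per_interval(flows):
    """{src: {interval_index: number of distinct destinations}}."""
    t0 = min(ts for ts, _, _ in flows)
    seen = defaultdict(lambda: defaultdict(set))
    for ts, src, dst in flows:
        seen[src][(ts - t0) // INTERVAL].add(dst)
    return {src: {i: len(d) for i, d in buckets.items()} for src, buckets in seen.items()}


def learn_baseline(series, baseline_intervals):
    """Mean and population std-dev of the first baseline_intervals buckets.
    Returns None when there is not enough history to say what normal is."""
    values = [series[i] for i in range(baseline_intervals) if i in series]
    if len(values) < 3:
        return None
    return statistics.mean(values), statistics.pstdev(values)


def detect(flows, baseline_intervals=5, k=3.0, min_std=1.0):
    """Alert on any post-baseline interval where a host's distinct-destination
    count exceeds mean + k * max(std, min_std). The floor on std keeps a
    perfectly regular device (std 0) from alerting on a change of one."""
    alerts = []
    per_host = distinct_dsts_per_interval(flows)
    for host in sorted(per_host):
        series = per_host[host]
        baseline = learn_baseline(series, baseline_intervals)
        if baseline is None:
            continue
        mean, std = baseline
        threshold = mean + k * max(std, min_std)
        for interval in sorted(i for i in series if i >= baseline_intervals):
            observed = series[interval]
            if observed > threshold:
                alerts.append({"host": host, "interval": interval,
                               "observed": observed, "threshold": round(threshold, 2)})
    return alerts


def isolate_hosts(alerts):
    """Hosts an SDN controller would move to the quarantine segment.
    The example stops at the decision; issuing the flow rules is out of scope."""
    return {a["host"] for a in alerts}


if __name__ == "__main__":
    found = detect(make_sample_flows())
    for a in found:
        print(f"anomaly: {a}")
    print("quarantine:", sorted(isolate_hosts(found)))
```

On the sample, the workstation's sixth interval (6 destinations) sits well inside its learned band and the bulb's sixth interval (13 destinations against a baseline of exactly 1) is the only alert, so the quarantine set is just the bulb. Two caveats a practitioner should carry into a real deployment: the baseline window must be long enough to include legitimate periodic behaviour (backups, patch Tuesday), otherwise the first monthly job becomes a false positive; and an attacker who gains a foothold during the baseline period gets their activity learned as normal, which is why the model should be re-learned only from intervals that were not themselves flagged.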

Creating these layers of intelligence – from basic malware and antivirus
protection through to UBA – is the only way to confront an
ever-increasingly complex and innovative threat landscape and develop a
robust threat mitigation solution. Here are some examples of how this can
work in reality:

Firewalls, Malware Protection and Intrusion Systems

Older versions of browsers can pose a particular hazard because the
browser is the first line of defense against malicious websites. However,
there are various tools available that can whitelist good sites and block
bad ones. Users can run anti-virus software that removes malicious
software from their systems, use ad-blocking software to avoid downloading
malware contained in ads, and use browsers that can alert them to
malvertising campaigns. You don’t just want firewalls in place; you need
malware protection and intrusion protection systems as well.

Patching, Data Protection and Recovery Processes

Protecting against ransomware isn’t only possible; it’s potentially easier
than protecting against other strains of malware. Preventing
vulnerabilities from being exploited is an essential way to stop attacks
from succeeding, so it’s key to speed up the patching and remediation
process. At the same time, putting better data protection and backup and
recovery approaches in place not only prevents issues from affecting
everyday activity, it can also make the clean-up process much easier.

Vulnerability Management and Security Education

Preventing vulnerabilities is also key to protecting from social
engineering attacks – but no single software tool will protect everyone all
the time, so again building security in layers is important. These layers
can include new technology to quarantine suspected spam and phishing
emails, and regular patching and updates to ensure software is as secure as
it can be – as well as education and training for staff.

Risk Modelling Technology

Finally, another additional measure is to introduce risk modelling
technology: a security discipline that takes an exact model of your network
– good and bad – and puts it under constant pressure to help find
exploitable attack paths as fast as possible.

It’s all about staying on top of the increasingly numerous, varied and
sophisticated threats, and making sure your systems are equipped to
prevent, respond to and recover from those attacks. Businesses need to be
constantly questioning themselves in every way possible – and this is where
software makes it easy to build solutions that incorporate interoperable
technologies designed for today’s needs, with an eye on tomorrow’s, to help
create a unified security platform.