The Case for a New Approach to Network Security

An Advanced Systems Group White Paper

The IT world certainly has changed. The cloud, social media, smartphones, widespread WiFi, tablets, and other innovative technologies bring exciting and valuable business capabilities to the market. Unfortunately, they’ve also introduced new vulnerabilities, breeding a new generation of attackers who are eager to capitalize on the susceptibilities. In the face of the new challenges and the latest generation of threats, organizations need to revise the security strategies they relied on in the past. Today, organizations need more than perimeter protection, anti-virus capabilities, and denial-of-service (DOS) attack defenses, although some organizations continue to struggle even with these security basics.

As demonstrated by the concerted, sustained, and ultimately unsuccessful DOS attacks against major companies targeted by WikiLeaks supporters, organizations have grown quite adept at defending against DOS attacks.

Few dispute that data has become an organization’s most valuable asset. Organizations must ensure the integrity and control of that data through encryption, data loss prevention strategies, and other data management techniques.

To meet the latest generation of threats, organizations require a new approach to security that addresses the changes in the threat landscape and places an emphasis on the need for governance, visibility, and control.

Network Security—Then

In the past, network security was IT-centric. It typically involved defenses like

• Protecting edge switches
• Setting up layers of firewalls
• Implementing virus protection by deploying anti-virus software, intercepting viruses at the email and Internet servers, educating users to leave unknown attachments unopened, and blocking users from accessing known risky websites
• Thwarting DOS attacks by monitoring incoming traffic, recognizing attacks early, and setting switches and routers to perform rate limiting and traffic shaping functions. Organizations expecting more sustained, sophisticated, and distributed DOS attacks deployed additional hardware to capture and divert or redirect the attacks.
• Scanning online activity to identify and isolate individual hackers often considered “lone rangers” or rogue players.

Although these defenses took nearly a decade to develop and deploy effectively—and in recent years organizations have experienced some success in curtailing malicious activities—these defenses weren’t intended to defend against many of the types of online threats organizations face today. As a result, organizations continue to experience disturbing losses due to security breaches.

The Enterprise Strategy Group (ESG) reports that nearly one-third of organizations experienced a data breach within the last 12 months. More alarming still, another 10% of the security professionals surveyed said they don’t know if they’ve experienced a data breach in that period.

Network Security—Now

Today, the “lone ranger” hacker no longer operates alone. These individuals most likely belong to an informal group of hackers or even an organized hacker syndicate. Together, they may orchestrate and coordinate their attacks and share techniques and methods, creating a more serious threat that’s more difficult to identify and defeat.

The industry has also noticed an increase in progressive stepped attacks—when hackers repeatedly try to penetrate the systems through different vectors of attack. The organization may deflect some of the attacks, but the attackers are counting on one of them succeeding. And one is all it takes.

The rise of social networking also poses challenges. Although it can be a significant benefit to the organization when appropriately managed, it also presents some dangers in terms of security. Companies should make their social media users aware of the risks of information sharing on social media and educate them specifically about the types of information they can and cannot share. Organizations should consider revising policies to address social media and monitor what employees say and share on social media. Social media also offers hackers and other criminals the opportunity to engage in social engineering—using deception or fraud to persuade employees to reveal passwords and other confidential information. Attackers can then use this information to penetrate the systems and compromise data. To prevent this method of attack, companies should build a defense around education, policy, and activity monitoring.

Finally, organizations face one of their largest security threats from their own people, often in the form of careless or disgruntled employees. For example, many employees generally lack knowledge about what comprises sensitive data. Or employees sometimes circumvent business processes or controls for the sake of speed and efficiency, which creates the risk of accidental data leakage.

PricewaterhouseCoopers’s recent report, “Trends in Proprietary Information Loss,” found that Fortune 1,000 companies have experienced proprietary information and intellectual property (IP) losses of $50-60 billion annually—and roughly 25 percent of the companies surveyed said the majority of their losses were due to insiders. This outranked the losses caused by viruses, worms, spyware, and system penetration by outsiders.

Five Critical Shifts That Threaten Network Security

Together, the threats described above represent five critical shifts in the threat profile. In response to these shifts, organizations must rethink how they plan and execute security to safeguard their systems, applications, and—most importantly—their data.

1. Emergence of systematic, syndicated, multi-layered global hacking

The emergence of systematic, syndicated, multi-layered global hacking essentially amounts to the industrialization of hacking, which produces a supply chain that starkly resembles that of drug cartels. Automated tools such as malware distributed via botnets provide the weapons of choice.

2. Shift from application security to data security

Companies are shifting to data security as cyber-criminals devise and uncover new ways for bypassing existing security measures to obtain information and critical data.

3. Emergence of social networking as major vulnerability

People who are less educated in security policy are more susceptible to social engineering, which makes companies more vulnerable.

4. Shift to proactive defense from reactive defense

Rather than sitting around, waiting to be breached, smart organizations are actively seeking holes and plugging them. Basically, it’s another instance in which offense is the best defense.

5. Shift in focus to multi-dimensional password theft

Attackers expect that credentials for one application, like an email account, likely will also apply to other applications, like online banking. As a result, attackers are ramping up their efforts against these big payoff targets. Changing passwords frequently, insisting on different passwords for each account, or even choosing an altogether different security option other than passwords all make good defenses.

To combat the threats from these shifts in network security, managers need the visibility and control that lies at the heart of information governance. Organizations know all about corporate and financial governance. Now they must apply it diligently to information that—when you come down to it—is one of their most valuable assets.

Increase Visibility through a Comprehensive Security Assessment

The largest identity threat to date, the TJX breach, occurred when attackers started focusing on weaknesses in the wireless network. Even more troublesome, the attack came after the organization had certified its compliance with the Payment Card Industry (PCI) security standard.

New threats emerge every day that require innovative approaches and force organizations to be more proactive. And as the number of hackers around the globe continues to grow, it’s more important than ever to conduct a comprehensive security assessment of your network—one that focuses on actual threats rather than an audit checklist such as PCI compliance.

IBM’s Security Systems X-Force records and analyzes an average of 20 new network vulnerabilities every day from around the world. There are well over 10,000 known network vulnerabilities and the number rises daily as global threats continue to increase.

A comprehensive security assessment consists of eight steps:

1. Recognize your organization’s current digital footprint

Document your electronic footprint on the Internet, both the visible spectrum as well as the IRC/ICQ message channels and other groups. Identify and pinpoint potential areas that may be vulnerable to information disclosure or compromise by gathering all the intelligence you can about your organization, employees, partners, other stakeholders, and infrastructure the same way malicious hackers do.

2. Assess vulnerabilities of employees, partners, and other stakeholders

Once you’ve assessed the vulnerabilities of employees, partners, and other stakeholders, analyze and evaluate what you’ve learned to identify potential problems.

3. Assess the vulnerabilities of networks, applications, other IT resources

Document and analyze your entire IT infrastructure to find the weaknesses and potential problems.

4. Conduct comprehensive scanning of ports, vectors, protocols

Conduct a comprehensive scan of all ports on your network to identify the IT counterpart of open windows and unlocked doors. The most common malicious network scans search for vulnerabilities in a standard range of 300 ports on a network where the most common vulnerabilities are found. (However, you may have over 60,000 ports on your network that can be suspect.)

5. Understand how your network interacts with outside parties

Try to access your network as an outside party might. See what your network requests in terms of information and how easily it can be satisfied.

6. Probe your internal network weaknesses

Assess interaction with internal networks. Unfortunately, internal people do malicious things too.

7. Review wireless nets, including WiFi, Bluetooth, RFID, rogue devices

Wireless nets, rogue devices, and removable media all present vulnerabilities. If a hacker leaves a USB flash drive containing malicious code in your lobby, someone will likely pick it up and innocently pop it into a system on the network to see what’s on it. That’s all it takes to compromise your network.

8. Assess and educate employees about social engineering attacks

This includes policies around behavior, like picking up flash drives left lying around.

This may sound like a lot of work, and it is. But hackers make it their job to breach your security, and you want to make it as difficult as possible for them.

Information Governance

Maintaining proper security monitoring and controls is central to defending your organization against data breaches. Fortunately, new efforts at Security Information and Event Management (SIEM) and Data Loss Prevention (DLP) strategies can counter the latest threats.

SIEM uses automated collection, analysis, alerting, auditing, reporting, and secure storage of all logs, which produces a mountain of information. Tools then correlate this huge amount of seemingly unrelated data and turn it into intelligible patterns that reveal what actually happens on your network and immediately generate alerts if anything significant happens. The results are invaluable to the stakeholders in any organization, including Compliance, HR, Security, IT, and Network Operations.

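As an added illustration (not part of the original white paper) of the correlation step SIEM performs: a small Python correlator that parses constructed firewall log lines and raises a single alert when one source touches many distinct ports on a host within a short window, the kind of pattern that is invisible in any one log entry but obvious once the entries are correlated per source. The log format, field names and thresholds are assumptions, not those of any particular product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real traffic: 198.51.100.7 probes six
# ports within seconds; 203.0.113.5 makes ordinary repeated HTTPS requests.
SAMPLE_LOG = """\
2010-11-01T09:00:01 fw01 DENY src=198.51.100.7 dst=192.0.2.10 dport=21 proto=tcp
2010-11-01T09:00:01 fw01 DENY src=198.51.100.7 dst=192.0.2.10 dport=22 proto=tcp
2010-11-01T09:00:02 fw01 DENY src=198.51.100.7 dst=192.0.2.10 dport=23 proto=tcp
2010-11-01T09:00:02 fw01 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80 proto=tcp
2010-11-01T09:00:03 fw01 DENY src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
2010-11-01T09:00:03 fw01 DENY src=198.51.100.7 dst=192.0.2.10 dport=3389 proto=tcp
2010-11-01T09:00:04 fw01 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=443 proto=tcp
2010-11-01T09:00:09 fw01 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=443 proto=tcp
2010-11-01T09:05:00 fw01 DENY src=198.51.100.7 dst=192.0.2.10 dport=8080 proto=tcp
"""

# Assumed log format; adapt the pattern to the firewall actually in use.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def parse_events(text):
    """Normalize raw lines into dicts; lines the pattern does not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events

def detect_port_sweeps(events, min_ports=5, window=timedelta(seconds=60)):
    """One alert per (src, dst) once the source hits min_ports distinct ports in the window."""
    history = defaultdict(list)      # (src, dst) -> [(ts, dport), ...] still inside the window
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["dst"])
        recent = [h for h in history[key] if ev["ts"] - h[0] <= window]  # expire old entries
        recent.append((ev["ts"], ev["dport"]))
        history[key] = recent
        ports = sorted({p for _, p in recent})
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({"rule": "port_sweep", "src": ev["src"], "dst": ev["dst"],
                           "ports": ports, "first_seen": recent[0][0], "last_seen": ev["ts"]})
    return alerts
```

With the defaults the alert fires on the fifth distinct port; the probe at 09:05 falls outside the window and would not on its own trigger anything.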

DLP consists of systems to identify, monitor, and protect data in use, in motion, and at rest. It relies on deep content inspection and contextual security analysis of all aspects of a transaction within a centralized management framework. In short, DLP is designed to detect and prevent the unauthorized use and transmission of confidential information.

The security threats organizations face place a substantial premium on their ability to recognize threats and correlate threat behavior. Therefore, companies require not only technology tools but enterprise-wide information governance grounded in policies and education. That’s why it’s equally important that management has the will and commitment to enforce corporate governance and HR policies.

About the Author

Mark Teter is the Chief Technology Officer at Advanced Systems Group. He is an internationally recognized authority on information technology who regularly advises IT organizations, vendors, and government agencies on a broad range of information management issues. Each year, Mark conducts dozens of seminars and training programs for corporate and government institutions. He sits on several financial industry advisory boards and has recently published Paradigm Shift: Seven Keys of Highly Successful Linux and Open Source Adoptions.

About Advanced Systems Group

Since 1981, Advanced Systems Group (ASG) has been providing comprehensive consulting services, successful storage and data management solutions, assessments, and implementation services to help customers meet today’s IT & business challenges. In particular, ASG focuses on customer needs, customizing unique solutions and successfully addressing companies’ particular IT challenges. As a consistent member of the VAR Business Top 500, ASG pursues active involvement in the industry, maintaining the highest level of engineering certifications with partners and the vendor community.

Denver . Baton Rouge . Boise . Colorado Springs . Dallas . Houston . Los Angeles . New Orleans Oklahoma City . Orange County . Phoenix . Portland . Salt Lake City . San Diego . Seattle . Tulsa

©2010 Advanced Systems Group

Call us at 800.894.3619 www.virtual.com
