






The Killer App for Security

Brandon Hoffman, Federal CTO, RedSeal Networks




Next Generation Threat Environment

Security has long felt like a losing game. As we know, the good guys need to be lucky all the
time, but the bad guys only need to be lucky once. We have all spent vast amounts of
money, time and effort trying to ensure the security of our sensitive information, and that of
our customers. Firewalls, intrusion detection systems, SIEMs, anti-malware products, VPNs,
vulnerability scanners – layer upon layer of defense. Yet, despite our best intentions, we now
know that breaches are almost inevitable. The bad guys have gotten into our networks, and
are lurking there, waiting to discover just one route to critical data that can be exfiltrated for
personal, financial or political gain. We’re all looking for that “killer app” for security.


Evolving Threats
The new class of threats looks quite different than threats of the past. We have seen threats
move from casual hacks done for fun or glory, to financial attacks (by tapping into
underground networks to sell credit card data), corporate/government espionage (e.g. the
Night Dragon attack on multinational energy companies), weaponization of code (as
hacktivists take revenge on those with whom they disagree), all the way to Advanced
Persistent Threats such as Stuxnet and Operation Aurora. Many of today’s bad actors are
well-funded, well-equipped and well-versed in network architecture and human behavior.

The lifecycle of the advanced persistent threat is disturbing. Attackers select their target,
and easily acquire the necessary tools on the Internet, purchasing information on
vulnerabilities, renting botnets, etc. They then do recon on the infrastructure – and the
employees (often through email and phishing attacks, but also increasingly via mobile
devices), and begin their work. Initial probing quickly shows vulnerabilities that can be
exploited for the initial intrusion. Once in, they build a command and control center with
outbound connections. Then they stealthily work to increase their footprint, gathering
credentials and learning about the network. Through persistence and patience, they find
critical data and exfiltrate it. Quickly moving to cover their tracks, they wait patiently for the
next opportunity to do it all over again.

Root Causes of Network Vulnerability

There are two principal causes of network vulnerability that can lead to breaches and loss of
critical data: the ever-expanding attack surface, and increasing network complexity. While
employees play a growing role in network vulnerability, the amount – and value – of data to
be protected is growing even faster. All the while, attackers often have the financial backing
and the patience to continue to bombard your network, seeking one small vulnerability that
will let them in.






9 Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
