Page 31 - Cyber Warnings
7 Secrets of Offensive Security
Information Security (INFOSEC) Best Practices for Data Protection and
Compliance
by Gary S. Miliefsky, CEO, SnoopWall, Inc.
The State of Network Security Today – Reactive and Slow
Network breaches are in the news every day. In the US alone, over 900,000,000 (that’s 900M)
records of personally identifiable information (PII) have been stolen over the past few years.
Most organizations run the latest corporate firewalls, also known as UTMs (unified threat
management systems) or NGs (next generation firewalls), along with the latest and greatest
antivirus products, yet they are still breached.
Over 95% of breaches happen behind these corporate firewalls, on endpoints that are allegedly
secured by antivirus. So, it seems, the hackers have leap-frogged most INFOSEC
countermeasures. Yes, that’s what the tools you’ve been buying to protect yourself are: just
reactive technologies, countermeasures that usually react too late, leaving you with a
ransomware payment decision, data theft, downtime or even much worse.
The Way to Win the Battle – Proactive, Offensive, Fast and Semi-Automated
While not all of your defenses can be automated, I do like to focus on more proactive
approaches to the problem of being breached. If you do a root-cause analysis, you will discover
your weaknesses in advance of their exploitation. For example, let’s say you buy the latest and
greatest antivirus software, keep it always up to date and then get infected.
The infection exploits a fairly new but known vulnerability in the Microsoft Windows RPC
protocol, which can be found in the nvd.nist.gov database of common vulnerabilities and
exposures (CVEs). Your antivirus software focuses on reacting, scrubbing and cleaning
up after you’ve been infected; it’s still reactive technology.
The offensive security model suggests you should find out which systems have the RPC
vulnerability, contact Microsoft for a patch and fix this hole quickly. If there is no patch available,
maybe you could turn off the RPC protocol for a few days or a week until next week’s Patch
Tuesday from Microsoft. This may cause a minor disruption in network service access or
Remote Help Desk software; however, your Windows computers won’t be getting infected with
this new virus.
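The patch-or-disable decision described above, applied to an asset inventory, as an added example that is not part of the original article. The inventory rows, column names, host names and the CVE/KB identifiers are constructed placeholders, since the article names no specific vulnerability.

```python
import csv
import io

# Constructed advisory record. The CVE and KB ids are placeholders, not real identifiers.
# fix_kb is None while the vendor has not yet released a patch.
ADVISORY = {"cve": "CVE-XXXX-XXXX", "fix_kb": "KB0000000"}

# Constructed inventory export (assumed columns): installed KBs are ';'-separated.
INVENTORY_CSV = """host,os,installed_kbs,rpc_enabled,needs_remote_helpdesk
ws-001,Windows 10,KB0000000;KB1111111,yes,no
ws-002,Windows 10,KB1111111,yes,yes
srv-010,Windows Server 2012 R2,KB1111111,no,no
ws-003,Windows 7,,yes,no
lnx-020,Ubuntu 16.04,,no,no
"""

def triage(inventory_csv, advisory):
    """Return {host: (action, note)} using the article's patch-or-disable logic."""
    fix = advisory["fix_kb"]
    plan = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        kbs = {kb for kb in row["installed_kbs"].split(";") if kb}
        if not row["os"].startswith("Windows"):
            plan[host] = ("not_applicable", "not a Windows system")
        elif fix and fix in kbs:
            plan[host] = ("ok", "fix already installed")
        elif fix:
            # A patch exists: close the hole even if RPC is currently off.
            plan[host] = ("patch", "install " + fix)
        elif row["rpc_enabled"] == "yes":
            # No patch yet: temporary mitigation, with the disruption the article warns about.
            note = "disable RPC until the next Patch Tuesday"
            if row["needs_remote_helpdesk"] == "yes":
                note += "; expect remote help desk disruption"
            plan[host] = ("disable_rpc", note)
        else:
            plan[host] = ("wait_for_patch", "RPC already off; patch when released")
    return plan

if __name__ == "__main__":
    for advisory in (ADVISORY, dict(ADVISORY, fix_kb=None)):
        print("fix available:", advisory["fix_kb"])
        for host, (action, note) in triage(INVENTORY_CSV, advisory).items():
            print(f"  {host:8} {action:15} {note}")
```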
31 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide