Security Management

Insight and opinion on the world of security management. Visit often for commentary on security industry issues around identity and access management, data protection, advanced authentication, single sign-on and access management, cloud security and more.

Defend against APT attacks from the inside out

Published: May 11 2012, 01:49 PM
by Russell Miller

NPR's Morning Edition had a segment titled "Cybersecurity Firms Ditch Defense, Learn To 'Hunt'." The focus of the piece is on attacks from China that aim to gain intellectual property and other trade secrets from specifically targeted Western firms. This type of attack is called an Advanced Persistent Threat (APT).

There is little doubt that APTs are a growing problem: Google, Adobe and Rackspace are among the companies that have publicly disclosed that they were the targets of an APT-style attack. Even the security firm RSA said it was compromised by an APT in 2011.

The most striking quote in the NPR piece came from Dmitri Alperovitch, a co-founder of CrowdStrike: "There's really no organization, including government agencies, that can prevent this type of attack. So you need to shift your mode into thinking that you are always in a state of compromise, and you need to start thinking about how to hunt on the network."

He couldn't be more right. Every organization needs to ask: "What would happen if an attacker were to penetrate our network? What actions would the attacker take, what damage could be done, and how could such a breach be detected?"

In many cases, the first step attackers take once they are inside a network is to gain access to administrative accounts, which frequently hold the proverbial "keys to the kingdom." While the NPR report focused on firms that gather intelligence and actively seek out the attacking groups, there is a complementary defense needed against APTs: Privileged Identity Management. This tactic helps control and secure the accounts that can do the most damage to an organization by:

  • managing access to privileged "administrator" accounts
  • restricting even privileged accounts to have only the minimum access necessary, and
  • monitoring the actions that are taken using these accounts
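The second and third bullets above, as an added example that is not part of the original post and not CA's or ControlMinder's code: a small Python script that turns a per-administrator command allow-list into sudoers rules (replacing a blanket `ALL=(ALL) ALL` grant) and then reviews sudo log lines against that same allow-list, flagging denied attempts, interactive root shells, and commands the policy never granted. The hosts, user names, policy and log lines are all constructed for the example; the log format is the syslog format sudo writes to auth.log.

```python
"""Least-privilege rules plus monitoring for privileged (sudo) accounts.

Added illustration for this post, not vendor code. Assumptions: the allow-list
policy, the user names and the sample log lines below are all made up.
"""
import re

# Constructed sample lines in the format sudo writes to /var/log/auth.log.
SAMPLE_LOG = """\
May 11 09:02:11 web01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service nginx reload
May 11 09:05:43 web01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/nginx/nginx.conf
May 11 23:14:02 web01 sudo:   alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
May 11 23:15:30 web01 sudo:   alice : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/tar czf /tmp/x.tgz /var/lib/mysql
May 11 23:16:10 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
May 11 23:17:00 web01 sudo:     svc-backup : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/bin/backup.sh
"""

# Hypothetical least-privilege policy: the only binaries each admin may run as root.
ALLOWED = {
    "alice": {"/usr/sbin/service", "/bin/cat"},
    "svc-backup": {"/usr/local/bin/backup.sh"},
}

# Commands that hand out an interactive root shell defeat per-command control.
SHELL_ESCAPES = {"/bin/bash", "/bin/sh", "/usr/bin/su", "/bin/su", "/usr/bin/sudo"}

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?P<fields>.*)$"
)


def sudoers_from_policy(policy):
    """Render the allow-list as sudoers lines: one entry per user, no shells."""
    lines = ["# Generated least-privilege rules; replaces blanket 'ALL=(ALL) ALL' grants."]
    for user in sorted(policy):
        lines.append(f"{user} ALL=(root) {', '.join(sorted(policy[user]))}")
    return "\n".join(lines)


def parse_sudo_line(line):
    """Return a dict for one sudo log line, or None if the line is not one."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "user": m.group("user"),
           "denied": False, "command": None, "target": None}
    for field in m.group("fields").split(" ; "):
        field = field.strip()
        if field == "user NOT in sudoers":
            rec["denied"] = True
        elif field.startswith("COMMAND="):
            rec["command"] = field[len("COMMAND="):]
        elif field.startswith("USER="):
            rec["target"] = field[len("USER="):]
    return rec


def review(log_text, policy=ALLOWED):
    """Return (user, finding, command) for every privileged action outside policy."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is None or not rec["command"]:
            continue
        if rec["denied"]:
            findings.append((rec["user"], "DENIED", rec["command"]))
            continue
        binary = rec["command"].split()[0]
        if binary in SHELL_ESCAPES:
            findings.append((rec["user"], "SHELL_ESCAPE", rec["command"]))
        elif binary not in policy.get(rec["user"], set()):
            findings.append((rec["user"], "OUTSIDE_POLICY", rec["command"]))
    return findings


if __name__ == "__main__":
    print(sudoers_from_policy(ALLOWED))
    for user, kind, cmd in review(SAMPLE_LOG):
        print(f"{kind:15} {user:12} {cmd}")
```

Run against the sample, the two daytime commands alice is entitled to pass silently, while the late-night root shell, the tar of the database directory that the policy never granted, and bob's denied attempt are all reported. In practice the same allow-list feeds both the enforcement (the sudoers fragment) and the detection (the review), so a command that was possible but not intended shows up as a finding rather than vanishing into routine admin noise.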

By doing this, an organization applies "defense-in-depth" to an APT: even if the perimeter fails, a compromised administrative account can do less damage, and any use of it outside its normal scope is more likely to be detected. In essence, the best defense against APTs and other external threats is to secure your network from the inside out.


By: Russell Miller
Russell Miller has spent over five years in network security in various roles from ethical hacking to solutions marketing. He currently manages marketing activities for the CA ControlMinder products. Russell has a B.A. in Computer Science from Middlebury College and an M.B.A. from the MIT Sloan School...

1 person has left a comment:

Cyber security is an all-round process which should always be monitored and upgraded in order to be a step ahead of the cyber criminals in their attempts and actions in crippling and stealing data and other sensitive information. Research must be done to identify and weigh the threats which are targeted at the business and follow a comprehensive path towards shutting out the threats.

Posted by: George@Network security and management | May 31, 2012 1:09 PM
