Advanced Persistent Threats – Finding Needles in Haystacks

Date Added: November 29, 2011 04:11:57 AM
Author: Astal Mark
Category: Computers & Internet
THE SMARTS TO MATCH WITS WITH APTs

Intelligent SIEMs give security staff the real-time, enterprise-wide visibility they need to see and combat all types of security threats. APTs are smart, low level and distributed, so higher intelligence is critical to effective defence. With a single console, an intelligent SIEM enables security personnel to see and look into alerts quickly, anywhere in the network at any depth. Staff can then run single queries against multiple sets of data, or carry out multi-dimensional analysis to gain full event correlation and contextualisation. As the Manager Information Risk at a Global Investment Group confirmed, the Huntsman® Liveview console is ‘the best tool for finding the proverbial needle in the haystack.’

Behaviour Anomaly Detection (BAD) provides an extra level of intelligence that’s particularly effective against APTs. BAD doesn’t rely on pre-defined parameters or known signatures; it uses intelligence to establish dynamic baselines of normal system and user activity across the network, operating system and application layers of the whole enterprise. BAD then monitors the system for any anomalous or suspicious activity which doesn’t match a familiar profile. This means that unusual activity, even if low level, distributed or disguised, can be quickly detected and flagged to security staff for investigation. Beaconing, for instance, is detected because it’s new and abnormal; similarly, data leaving the network for unknown destinations is unusual, so it’s detected regardless of what channel or disguise the APT has chosen.

BAD doesn’t just monitor activity for particular traffic patterns; it’s looking for anything unusual. In this way it detects spikes of network traffic from particular assets or specific protocols sending to IP addresses that are unfamiliar. In a recent instance, BAD was responsible for alerting a major bank to data that was leaving its network for a previously unknown address. In this case, none of the other defences – antivirus, IDS or firewall – had raised an alert. Once BAD had done so, closer investigation found a Trojan which had evaded the perimeter defences, installed dummy ports in the firewall and was blinding the firewall team to the traffic going through it.

COULD YOU BE A TARGET?

APT attacks don’t always target high profile or large organisations. Sony may be both, but few of us may have known Epsilon or Silverpop before they were attacked. Current targets appear to be organisations with large customer databases. While credit card details are still sought for obvious financial gain, email addresses may have more appeal because they provide access for large scale spear-phishing campaigns, which could have far higher rewards. Of course, APTs are still being used for e-espionage, both industrial and commercial, and your company could be an attractive target. To find out how attractive, it’s worth asking some questions. Does your organisation:

  • Handle or manage sensitive data?
  • Have large databases with customer details?
  • Control or manage high value assets or natural resources?
  • Create or possess valuable Intellectual Property? or
  • Sign significant international deals?

In short, if your organisation owns information of commercial value to others, has found new sources of oil or gas, or designs products that are the envy of your competitors, ‘then you will need to raise your game above traditional best industry practice levels to resist these attacks. These are persistent attacks, which are coming your way, and they won’t stop.’
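
The baselining idea described under Behaviour Anomaly Detection above, as an added example that is not part of the original article and is not the Huntsman product's implementation: it learns each asset's familiar destinations and traffic sizes from flow records, then flags unfamiliar destinations, volume spikes and regular-interval check-ins. The record layout, host names, addresses and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (epoch_seconds, asset, dest_ip, protocol, bytes_out)
TRAINING = [(h * 3600, "ws-017", "10.0.0.5", "https", 1000 + (h % 5) * 20) for h in range(48)]
TRAINING += [(h * 3600 + 60, "db-01", "10.0.0.9", "sql", 5000 + (h % 3) * 100) for h in range(48)]
LIVE = [
    (200000, "ws-017", "10.0.0.5", "https", 1020),   # matches the learned profile
    (200100, "db-01", "10.0.0.9", "sql", 250000),    # bulk transfer to a known host
] + [(201000 + i * 300, "ws-017", "203.0.113.44", "https", 90) for i in range(6)]

def build_baseline(flows):
    """Learn known destinations per asset and byte statistics per (asset, protocol)."""
    dests, sizes = defaultdict(set), defaultdict(list)
    for _ts, asset, dest, proto, nbytes in flows:
        dests[asset].add(dest)
        sizes[(asset, proto)].append(nbytes)
    return dests, {key: (mean(v), pstdev(v)) for key, v in sizes.items()}

def detect(baseline, flows, k=3.0, min_beacons=4, max_jitter=0.1):
    """Return sorted (reason, asset, dest) tuples for flows that break the baseline."""
    dests, stats = baseline
    alerts, new_dest_times = set(), defaultdict(list)
    for ts, asset, dest, proto, nbytes in flows:
        if dest not in dests.get(asset, set()):
            alerts.add(("new_destination", asset, dest))
            new_dest_times[(asset, dest)].append(ts)
        if (asset, proto) in stats:
            mu, sigma = stats[(asset, proto)]
            if nbytes > mu + k * max(sigma, 1.0):  # floor sigma so flat baselines still work
                alerts.add(("volume_spike", asset, dest))
    for (asset, dest), times in new_dest_times.items():
        gaps = [b - a for a, b in zip(sorted(times), sorted(times)[1:])]
        # Near-constant gaps between connections to an unfamiliar host suggest beaconing.
        if len(gaps) + 1 >= min_beacons and gaps and mean(gaps) > 0 \
                and pstdev(gaps) <= max_jitter * mean(gaps):
            alerts.add(("beaconing", asset, dest))
    return sorted(alerts)

if __name__ == "__main__":
    print(detect(build_baseline(TRAINING), LIVE))
```

Signature-based tools would see nothing wrong with any single flow here; the alerts come only from comparing live traffic with what each asset normally does.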