Advanced Persistent Threats – why conventional IT security fails

Date Added: November 29, 2011 09:29:01 AM
Author: Astal Mark
Category: Computers & Internet
WHY AREN’T THEY DETECTED?

By design, the malware used in APT campaigns operates at low levels, so it’s deliberately hard to detect and so can ‘persist’ without being stopped. The ‘most significant commonality of APT malware is that it hides in plain sight,’ writes Wendi Rafferty in her blog. ‘It avoids detection by using common network ports, process injection and Windows service persistence. Every piece of APT malware catalogued by MANDIANT initiated only outbound network connections.’

APTs are a new problem for many security systems because, traditionally, they’re focused on external threats using defences built on several point solutions, each selected for a new threat. Mostly they’re based on signatures and rules, perimeter security, access controls, packet filtering and content monitoring, which aren’t particularly good at finding custom-built beaconing Trojans and covert exfiltration channels. Rumour has it that it was RSA’s inability to detect beaconing that prompted it to buy NetWitness, which offered specific tools in this area.

Beaconing is actually a misnomer: it’s more like a short flash than a lighthouse - like a spy dropped into enemy territory who’s using signals sparingly to avoid detection. The Trojan’s masters don’t need a broadcast message, and soon they’re shipping extra instructions and malware tools via the backdoor they established, which is still undetected and open.

Data Loss Prevention (DLP) systems or Content Monitoring and Filtering systems also tend to be rules-based, that is, they need to be told what to look for, so they’re not much use when the malware is disguised as a legitimate user with access rights to the data. And, since APTs either encrypt the data being copied or establish SSL-encrypted channels or covert peer-to-peer tunnels, content filtering isn’t much help either.

WHAT CAN YOU DO?

Most organisations employ ‘defence in depth’ principles using layers of cyber security, but often these security layers and point solutions are independent and don’t relate to one another. This results in silos of security information which can’t be integrated into an overall picture of enterprise security. In this case, effective threat analysis fails because the data needed for full event correlation (particularly outliers) can’t be easily resolved. As a result, only small pieces of the APT are detected, the DLP system sees only part of the full picture, so security staff can easily miss the data that’s being stolen. So theft persists, undetected.

The crucial element in combating APT campaigns is the ability to see the disparate parts of the attack in the context of a single security challenge. That requires an intelligent, proactive Security Information & Event Management (SIEM) system which can bridge information silos and provide security staff with complete vision and threat intelligence. In practice, this means a system that can:

• Monitor and interpret every network device and connection in real-time, not just some of them;
• Detect events that are unusual or anomalous, even if they are low level, distributed and discrete;
• Provide a single console view of the entire network to see all events in real time;
• Integrate all point solutions and consolidate their data into one addressable repository for immediate analysis of all not just some security events; and
• Analyse continuously so security staff can join the dots between events to see extent, context and severity of the threat, in real time.

This is what our intelligent SIEM technology, Huntsman®, was designed to do.
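
The article describes beaconing as sparse, outbound-only check-ins on common ports, which points to connection timing rather than content as the thing to examine. The following is an added example, not part of the original article or of any product it mentions: a timing-based check over constructed flow records, where the record layout, the function name `find_beacons` and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (epoch_seconds, internal_src, external_dst, dst_port).
# Every connection is outbound to port 443, so a port or perimeter rule
# treats all three channels the same.
FLOWS = (
    # Workstation browsing: bursty, irregular gaps.
    [(t, "10.0.0.5", "198.51.100.7", 443)
     for t in (0, 4, 9, 310, 318, 2900, 2903, 7100)]
    # Sparse check-in: roughly hourly with a few seconds of drift.
    + [(t, "10.0.0.9", "203.0.113.20", 443)
       for t in (120, 3725, 7318, 10930, 14521, 18127)]
    # Only two connections: not enough evidence either way.
    + [(t, "10.0.0.5", "192.0.2.44", 443) for t in (50, 3650)]
)


def find_beacons(flows, min_events=5, max_cv=0.1):
    """Return (src, dst, port, mean_gap_s, cv) for channels whose gaps
    between connections are nearly constant (low coefficient of variation)."""
    by_channel = defaultdict(list)
    for ts, src, dst, port in flows:
        by_channel[(src, dst, port)].append(ts)

    hits = []
    for (src, dst, port), times in by_channel.items():
        if len(times) < min_events:
            continue  # too few samples to call the timing regular
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps, nothing to measure
        cv = pstdev(gaps) / avg  # spread of gaps relative to their mean
        if cv <= max_cv:
            hits.append((src, dst, port, round(avg), round(cv, 3)))
    return sorted(hits, key=lambda h: h[4])


if __name__ == "__main__":
    for src, dst, port, avg, cv in find_beacons(FLOWS):
        print(f"{src} -> {dst}:{port} about every {avg}s (cv={cv})")
```

A check-in interval that is deliberately randomised raises the coefficient of variation, so a low score is one signal to correlate with other events, in line with the article's point about joining data across silos, rather than a verdict on its own.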