Thales Blog

#Infosec13: The Barbarians Are Already Inside The Gate – Is Your Network Protected From APTs?

April 16, 2013

Tales of the shadowy underworld of computer hacking and state-sponsored espionage might capture the imagination of many a Hollywood filmmaker or detective novelist, but recent incidents like those affecting The New York Times, Washington Post and Wall Street Journal show that advanced hacking attacks are far from fictional.

Cybercrime is a booming industry – and data the new black gold. Here at Vormetric, we believe that there are only two types of data: the kind that somebody wants to steal and everything else.

In recent months, I have noticed that the rhetoric around cyber security has hit the mainstream. At a national level, government bodies and their private sector counterparts have been coming together to form a united front in the fight against escalating online crime. Take for example the launch of the UK ‘Fusion Cell’, where analysts from MI5 and GCHQ, along with private businesses, will have a dedicated platform to exchange intelligence resources. This, as you may also remember, has come hot on the heels of the launch of the EU's Cyber Security Strategy in February and the release of a new NATO handbook on the rules of cyber warfare. The trenches have been dug and the battle lines have been drawn!

Attempting to stem the rising tide of cyber crime might appear to some to be an almost futile task. One might compare it to that of the ancient Greek god Sisyphus, who was forever condemned to push a boulder up a mountain, only for it to roll back down again. But as hard as the task may be, your company data still needs to be protected!

Thanks to the release of the recent Mandiant report, the dangers of spear phishing and Advanced Persistent Threats (APTs) have been catapulted to the attention of businesses and the public at large. Crucially, these APT attacks reveal that the bad guys have evolved to circumvent conventional defences – the perimeter has been breached. Any business that continues to rely on perimeter security is setting itself up for a fall. The most unnerving aspect of these attacks is the stealthy way in which the bad guys can infiltrate systems, grab credentials and operate undetected inside the network perimeter – roaming around your company network until they find data they can exploit.

Although encrypting data may be touted as an obvious additional layer of defence, traditional disk or storage encryption gives a false sense of security. The reason is that it typically lacks access controls, which are vital to protect against privileged user exploitation – which is what has been happening in the APT cases reported in the media. If one of your employees has his or her user credentials compromised, an attacker can view what the employee is allowed to view and any basic encryption in place becomes pretty useless.

My advice? Start thinking about getting protection closer to the data itself and managing access to it. Gather intelligence about what is happening to your data so that you can pick up on variations in user behaviour – ask the hard questions, like who is accessing what and from where? Remember, in business, the risk of data compromise or intellectual property theft comes from both internal and external sources.

Come and talk to me on stand M65 at #Infosec13 about how to protect what matters. In the meantime, enjoy this security breach supercut we put together.