Keeping advanced persistent threats in the box

By George Chang, Regional Director, Southeast Asia and Hong Kong, Fortinet | Dec 5, 2011

One of the biggest threats to businesses today is stealthy online infiltration by attackers who aim to steal valuable proprietary information. Ghostnet (a botnet deployed in various offices and embassies to monitor the Dalai Lama's agenda), Operation Aurora (monitoring of Chinese dissidents' Gmail accounts in 2009) and Stuxnet (an attempt to disrupt Iran's uranium enrichment program) in 2010 are just a few high-profile examples.

In recent months, these so-called "Advanced Persistent Threats" (APTs) have become so rampant and unrelenting that they are forcing enterprises to question the current security paradigm. Firms are beginning to wonder whether it makes more sense to stop focussing solely on keeping attacks out, accept that attackers will sometimes get in, and instead aim to detect them as early as possible and minimise the damage.
 
An APT is highly targeted at a specific organisation and takes a muted, often slow and prolonged approach to penetrating it, with the aim of gathering intelligence rather than making an immediate financial gain. APTs breach enterprise networks through a wide variety of vectors, including Internet-based malware infection, physical malware infection and external exploitation. APT perpetrators don't necessarily need to breach the external network perimeter: they can, and often do, leverage insiders and "trusted connection" vectors to access targeted systems.

Protecting Organisations from APTs

Fortinet believes that the so-called holy trinity of security will help enterprises thwart APTs:
 
1. Educate Users and Keep Security Policies Relevant
Attackers generally consider users the weakest link in the chain, and users are often the target of the initial infection. Companies need to educate them on APT infection vectors and social engineering techniques. Since that won't guarantee that employees never open an infected document, IT managers should also make sure each user has only the access rights he or she needs, and no more, so that a compromised account yields as little as possible.