Attacks on IMF, Lockheed, others highlight need for defenses against targeted attacks

More focus needed on network monitoring, outbound filtering, whitelisting

By , Computerworld |  Security

The recent spate of successful cyber attacks against high-profile organizations has focused fresh attention on the need for enterprises to implement new defenses against targeted threats.

Over the last few months several supposedly secure organizations, including RSA, Lockheed Martin, and the Oak Ridge National Laboratory, have been victims of major attacks.

Last week the International Monetary Fund joined the list when it admitted to a similar intrusion.

An anonymous IMF source quoted in a story in The New York Times described the incident as a "very major breach" that likely resulted from so-called spear phishing.

All of the recent attacks have appeared to be highly targeted and persistent, carried out by adversaries using a combination of social engineering techniques and sophisticated malware programs.

Dealing with such threats requires companies to look beyond security strategies that focus purely on traditional network threats, analysts said.

Increasingly, companies also need to focus on approaches such as continuous monitoring of networks, databases, applications and users, outbound traffic filtering and whitelisting.

"Time and again, as details of these attacks are made clear, we find that attackers are not behaving like stereotypical burglars, smashing a window, grabbing what they want, then walking off with a big bag marked 'swag' while the alarms ring," said Mike Lloyd, chief scientist with Redseal.

Instead "a common thread through many damaging incidents is targeted executables getting installed on critical servers or high value employee PCs," said John Pescatore, an analyst with Gartner.

The goal behind many of these attacks is to surreptitiously establish a persistent point of presence inside a network and use that to snoop on and steal information.

One way of dealing with such threats is by constantly monitoring for configuration changes on important assets, he said. Network forensics and database activity monitoring products, such as those from FireEye and Damballa, are useful in detecting and blocking targeted threats that conventional signature-based tools let through, he said.
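As an added illustration of the two points above (unexpected executables appearing on critical hosts, and monitoring important assets for configuration changes), the following example is not from the article or from any vendor it names: it hashes a directory tree into a baseline, rescans later, and reports files that were added, removed or modified. The directory contents are constructed inline as a stand-in for a real server; path names and the `hash_tree`/`compare`/`demo` functions are assumptions for this example.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map every file under root (POSIX-style relative path) to its SHA-256 digest.

    The result is the baseline a defender stores for a critical host; a fresh
    scan is compared against it on a schedule.
    """
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between the stored baseline and a new scan."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),       # new files (e.g. a dropped binary)
        "removed": sorted(set(baseline) - set(current)),     # files that disappeared
        "modified": sorted(p for p in shared if baseline[p] != current[p]),  # edited configs
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a fake server tree, then simulate two changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        # Constructed sample files standing in for a service config and its binary.
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF-placeholder")
        baseline = hash_tree(root)

        # Simulated drift: a config edit and an executable nobody approved.
        (root / "etc" / "app.conf").write_text("listen=0.0.0.0\n")
        (root / "bin" / "updater").write_bytes(b"\x7fELF-new-binary")
        return compare(baseline, hash_tree(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Any entry in `added` or `modified` that is not matched by an approved change ticket is the signal the article describes; in practice the baseline is stored off-host so an intruder cannot rewrite it.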


Originally published on Computerworld.