Security was on everyone’s mind at this year’s Interop Las Vegas conference, with workshops ranging from insider threats to social engineering, supply chains and managing targeted attacks.
One key point that emerged from all of the discussion was that businesses and governments need to understand the motivations of cyber attackers.
Dmitri Alperovitch led the INTEROP workshop, which focused solely on the benefits of knowing your enemy. The days when security was a matter of “merely” battling cyber criminals and young hackers out for a joyride are over. Today, we also have cyberespionage, hacktivists and state-sponsored hacking to contend with. It seems that everyone is exploiting digital technology to gain even the tiniest edge in business or politics.
Given these less-than-cheerful facts, Alperovitch urged attendees to make a strong effort to understand what motivates particular attackers, and – very interestingly – how attackers define success. If you know what a win looks like to an attacker, you can construct policies, practices and defenses accordingly.
“People tend to think of breaches as a discrete event. A company gets hacked, they clean up, they announce to the world that everything is great again and the CEO writes a heartfelt apology to the customer … The reality is the adversaries don’t give up when they’ve been detected and kicked out. Because if it’s a nation-state operation, you’ve got a soldier or an intelligence officer who has a job to do and he’s got a general knocking on his door saying ‘Where’s my data from this company?’ and you don’t just give up because you got kicked out,” Alperovitch said, as quoted by Dark Reading.
“If they don’t come back, you should worry because it means they’ve already taken everything,” Alperovitch warned.
We’ve seen much the same happen in our work at BAI Security. Companies will think they remediated a breach, only to find out later that the network still harbors malicious hackers. One of the best ways to discover whether or not the organization has suffered a breach of its defenses is to search for anomalies on the endpoints themselves in real time. The BAI Security Proactive Compromise Detection service helps an organization find possible malicious code that exists within the enterprise through a long-term deployment of highly-specialized yet nonintrusive forensic software on all endpoints.
BAI Security’s team of security experts can then detect the custom-coded malware and other variants used by today’s attackers that signature-based antivirus/malware solutions, as well as Indicators of Compromise (IOCs), cannot detect. Our detection capabilities include identification of attacks from stealth/idle malware, zero-day code, rootkits, Trojans, key loggers, and various forms of data capturing programs.
Every piece of software is examined, and anything that appears suspicious is carefully analyzed in order to confirm its validity in the environment. Compromised servers and workstations involved in data breaches often are infected days, weeks, or even months before the actual data loss begins. Data leakages can be avoided with this detection service by locating the malicious software before it siphons off data about end-user activity, customer/patient information, or proprietary data. Find out more about this service here.
And since we’d all rather keep attackers out of the system in the first place, we offer a Breach Risk Assessment service that helps to identify and close vulnerabilities before they are exploited. During this assessment we check the real-world effectiveness of an organization’s existing security controls. While IT Security and compliance audits also check for the existence of required controls, it’s unfortunately true that even a 100% compliant organization can often be vulnerable in the real world against a skilled human threat agent. Find out more about this service here.