"With the rising prevalence of APT and insider attacks, organizations must move beyond locking down the perimeter and arm their security professionals with the tools they need to hunt for attackers lurking inside the network," said Tom Cross, director of security research at Lancope. "Government and enterprise IT organizations can no longer just sit back and hope that their security tools will block attacks while they sleep."
Top five tips for network protection:
1. Develop a 0-day defense strategy. The sophisticated, targeted attacks that networks are facing today cannot be resolved simply by mitigating known vulnerabilities with technical controls like antivirus and IDS/IPS.
Recent research by Symantec identified attacks involving 0-day vulnerabilities that proceeded for as long as 30 months before signature-based protections became available. If organizations want to detect these types of attacks, they must complement their signature-based systems with behavioral-based technology that can detect attacks when signatures are not available.
2. When it comes to stopping sophisticated attacks, focus on people and not just technology. The indicators that lead to the detection of sophisticated attacks can be subtle. If security professionals want to stay ahead of attackers, they must play a more active role, leveraging security tools and network event data to investigate incidents and gather intelligence. They should not completely rely on the tools to do all of the work of detecting and blocking attacks automatically.
3. Think beyond the perimeter. While external controls at the network edge are valuable for detecting some types of attacks, today's reality dictates a need for visibility into the internal network. Many of today's threats do not even come into the network via the perimeter.
Instead, they originate from insiders or are carried through the front door on a USB drive or mobile device. It is prudent to assume that these days, some threats WILL bypass the perimeter, and the only way to detect and combat them is to obtain in-depth, internal network visibility.
4. Educate your users. 2012 has been a banner year for password theft. Chances are high that at least a few of your employees have had their passwords to various web sites compromised in recent months. Some may be using those same, stolen passwords to access your network. End users are also targets of attacks like drive-by downloads and spear phishing.
Educating users on top security risks and the appropriate ways to avoid them can make a difference. Users who are on the lookout for suspicious emails may be the first to alert your security staff to sophisticated spear phishing campaigns that have evaded perimeter defenses.
5. Plan to protect an evolving infrastructure. As technologists continue to innovate, security unfortunately often takes a hit. This year, we have seen an explosion in trends including virtualization, cloud computing, BYOD (bring-your-own-device) and IPv6, which can all complicate network infrastructure (at least temporarily).
As organizations embrace these technologies, they should also be asking themselves how they will impact their risk posture. IT administrators need to determine if their current tools can protect against threats that could emerge from these innovations, and if not, quickly invest in tools that can.