Cyberattacks have pretty much become a part of every day life. Security firm ForeScout's State of Cyber Defense Maturity Report found that more than 96 percent of organizations experienced a major IT security breach in the past year. One in six organizations had five or more significant security incidents in the past 12 months, and almost 40 percent had two or more incidents.
“The media reports of stolen information or compromised networks are almost a daily occurrence,” wrote Ray Boisvert, president of I-Sec Integrated Strategies. “The stories are increasingly alarming and the trend line is troublesome.”
How you respond, though, is the key factor. Here are several tips on how to disinfect your data center and beef it up against further attacks.
Anti-Virus and Firewalls Are Not Enough
A report by network security firm Netskope discovered that the overwhelming trend toward securing the cloud revolved around the utilization of firewalls as an effective perimeter. The study found that 90 percent of cloud application usage in the enterprise had been blocked by network perimeter devices, yet someone in IT granted exceptions so they could continue to run—so much for firewalls securing the enterprise.
Similarly, anti-virus software can no longer keep up with the sheer volume of daily viruses and their variants that are created in cyberspace. You might recall that cybersecurity firm Radware recently announced the discovery a new Permanent Denial-of-Service (PDos) botnet named BrickerBot, designed to render the victim’s hardware useless. Also known as “phlashing,” a PDoS attack can damage a system so badly that it requires replacement or reinstallation of hardware and is becoming increasingly popular, according to Ron Winward, security evangelist for the company.
Do you think for a moment that Sony, Target or any of the big financial institutions that have suffered breaches didn’t have firewalls and AV in place?
That said, there are plenty of useful tools out there such as Malwarebytes that should be used to detect and cleanse the data center of any detected or suspected infections.
Implement Whitelisting, Add Intrusion Detection
Whitelisting is a good way to strengthen defenses and isolate rogue programs that have successfully infiltrated the data center.
“Even if malware already exists on a workstation, it will be blocked when it attempts to call home,” wrote Stu Sjouwerman, CEO of security firm KnowBe4 in a blog.
Also known as application control, whitelisting consists of a short list of the applications and processes that are authorized to run. This strategy limits use with a "deny-by-default" approach so that only approved files or applications can be installed. According to McAfee, dynamic application whitelisting strengthens security defenses and helps to prevent malicious software and other unapproved programs from running.
Modern networking tools should also be considered part of the security arsenal as they can highlight abnormal patterns if configured correctly. For example, you can set up intrusion detection to trigger when any host uploads greater than 20 MB more than say, eight times during a single day. That would eliminate normal user behavior and help contain existing threats.
Boisvert advocates real-time analytics in tandem with a methodology that focuses on likely attack vectors as the best way to augment current security practices. The web, he wrote, should be regarded as a hostile environment filled with predators. As the bad guys are already inside, data center managers should be trying to figure out how to close the timeline to discovery. “We need to use software to do the heavy lifting to combat cyber-threats and cyber-terrorists. SAS, for example, has been working on behavioral analytics to better detect internal security threats.”
Boost the Human Perimeter
Perhaps the most important thing to realize is that technology alone will never solve the problem. Perfect email filters will cause the bad guys to use the phone. Perfect phone filters lead them to target peoples’ personal social media accounts. Close one door and they will find another—it’s not unlike those movies where the thief always gets the loot or the painting, no matter how many layers of security are employed. But there is something you can do about it.
“Training and education has to be is part of the solution to make people aware of these attacks, how they can detect, stop and report them,” wrote Sjouwerman.
End-user Internet Security Awareness Training is all about teaching users not to do silly things like clicking on suspect URLs in emails, or opening attachments that let in the bad hats. Sjouwerman recommended putting all staff through such training. “Even when an organization has published policies and implemented the many security procedures and technologies, it still needs to train its employees. The perimeter is dead; individual employees are now the perimeter.”