Yes, this article is fully buzzword compliant but it makes some great points for security professionals to think about and organizations to grow towards. About the only thing it is missing is “cloud.” Anyway, the six key take-aways (along with my non-buzzword compliant interpretations) include the following:
- Use big data for analysis/detection (i.e., use a SIEM with advanced correlation capabilities to collect and analyze everything)
- Share information with the right people (i.e., join one of the ISACs, DIB, or similar organizations and contribute what you find and learn from what others discover)
- Understand the “kill chain” (i.e., as Lockheed says … after an incident don’t just re-image and move on; map the bad guy’s attack from an offensive perspective to better understand their methods)
- Look for indicators of compromise (IOCs) (i.e., now it’s Mandiant’s turn … take what you learn in the kill chain and other sources and look for it elsewhere on your network)
- Test your network (i.e., run the bad stuff to learn more about it and hack your own network)
- Support more training for APT hunters (i.e., we need not only more training but specific analysis education to more easily connect the dots to find those covert bad guys)
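The fourth and fifth take-aways together describe a concrete workflow: tag what you learned from one incident with the kill-chain phase where you saw it, then sweep the rest of your logs for those same indicators. The script below is an added example, not code from the original post or from Lockheed or Mandiant; every IOC value and log line in it is constructed (documentation addresses and a placeholder hash), and the field names (`host=`, `dst=`, `sha256=`, `ua=`) are an assumed log format.

```python
"""IOC sweep across log lines, grouped by kill-chain phase.

Added example, not from the original post. All indicators and log lines are
constructed sample values (RFC 5737 test addresses, a placeholder hash), and
the key=value log layout is an assumption about the source format.
"""
import re
from collections import defaultdict

# Indicators "learned" from one incident, tagged with the kill-chain phase
# in which each was observed. Constructed placeholders, not real IOCs.
IOCS = {
    "domain": {"update-check.example.invalid": "command-and-control"},
    "ip": {"203.0.113.42": "command-and-control"},      # TEST-NET-3 address
    "sha256": {"a" * 64: "installation"},                 # placeholder hash
    "user_agent": {"Mozilla/4.0 (compatible; MSIE 6.0; Legacy)": "delivery"},
}

# Constructed log lines from several hosts; only some should match.
SAMPLE_LOGS = [
    '2013-05-02T10:01:03Z host=ws-12 proxy dst=update-check.example.invalid ua="Mozilla/5.0"',
    "2013-05-02T10:02:11Z host=ws-12 fw dst=203.0.113.42:443 action=allow",
    "2013-05-02T10:05:40Z host=fs-01 av file=payload.dll sha256=" + "a" * 64,
    '2013-05-02T10:07:09Z host=ws-07 proxy dst=www.example.com ua="Mozilla/4.0 (compatible; MSIE 6.0; Legacy)"',
    "2013-05-02T10:09:00Z host=ws-03 fw dst=198.51.100.7:80 action=allow",
]

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
SHA256_RE = re.compile(r"\b([0-9a-f]{64})\b")
HOST_RE = re.compile(r"\bhost=(\S+)")
DST_RE = re.compile(r"\bdst=([A-Za-z0-9.-]+)")   # stops before a :port suffix
UA_RE = re.compile(r'ua="([^"]*)"')


def extract_observables(line):
    """Return (kind, value) pairs that can be compared against the IOC set."""
    found = []
    for m in IP_RE.findall(line):
        found.append(("ip", m))
    for m in SHA256_RE.findall(line):
        found.append(("sha256", m))
    for m in DST_RE.findall(line):
        if not IP_RE.fullmatch(m):      # an IP destination is already covered
            found.append(("domain", m))
    for m in UA_RE.findall(line):
        found.append(("user_agent", m))
    return found


def sweep(lines, iocs=IOCS):
    """Match every observable in every line against the IOC set.

    Each hit records the host, the indicator, and the kill-chain phase it was
    tagged with, so the analyst sees not just *that* a host matched but *where*
    in the intrusion it is likely to be.
    """
    hits = []
    for line in lines:
        host_m = HOST_RE.search(line)
        host = host_m.group(1) if host_m else "unknown"
        for kind, value in extract_observables(line):
            phase = iocs.get(kind, {}).get(value)
            if phase:
                hits.append({"host": host, "kind": kind, "value": value, "phase": phase})
    return hits


def hosts_by_phase(hits):
    """Collapse hits to {phase: sorted list of hosts} for triage ordering."""
    out = defaultdict(set)
    for h in hits:
        out[h["phase"]].add(h["host"])
    return {phase: sorted(hosts) for phase, hosts in out.items()}


if __name__ == "__main__":
    for phase, hosts in hosts_by_phase(sweep(SAMPLE_LOGS)).items():
        print(f"{phase:20s} {', '.join(hosts)}")
```

Grouping by phase is the useful part: a host seen only at the delivery stage is a candidate for a blocked or failed attempt, while a host already talking to command-and-control infrastructure is an active compromise and goes to the top of the response queue.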
Based on news reports and multiple statements from U.S. officials, hackers from China breach the systems of all kinds of U.S. businesses, from major newspapers to defense contractors and cutting-edge technology companies, and remain undetected long enough to make off with billions in intellectual property and sophisticated weapon designs.
Defense Secretary Chuck Hagel and officials from the National Security Agency and the Department of Homeland Security have called the power of APTs the security challenge of the modern era.
“Cyber is one of those quiet, deadly, insidious unknowns you can’t see,” Hagel told U.S. troops in Hawaii. “It’s in the ether — it’s not one big navy sailing into a port, or one big army crossing a border, or squadrons of fighter planes … This is a very difficult, but real and dangerous, threat. There is no higher priority for our country than this issue.”
APTs are also no longer solely the domain of nation-states with vast resources, nor are they focused only on espionage or attacks against military and other government entities. They are “living” on networks in IT, energy, news, telecom, manufacturing and other sectors of the economy.
Today’s post pic is from 123RF.com.