
Understand who's inside your network

By Simon Campbell-Young, CEO of Phoenix Distribution


Johannesburg, 31 Oct 2013

In a recent forecast, Gartner stated that the security market rose to $60 billion in 2012, up 8.4% from 2011, and is expected to grow to $85 billion in 2016. At the same time, Verizon's 2012 Data Breach Investigations Report claims 855 security breaches were recorded and 174 million records compromised.

Simon Campbell-Young, CEO of Phoenix Distribution, says this poses the question: "Where is the security industry going wrong?"

Organisations are spending more and more, but this is not preventing breaches, and threats show no sign of abating. Our most sensitive and private data is still falling into the wrong hands. The lion's share of security budgets is spent on preventing security incidents, yet they still happen with alarming regularity and increasing severity.

Add to this that, according to Mandiant, two-thirds of the time an organisation learns it has been infiltrated from a third party, and only a third of the time does it discover the breach itself. Moreover, the majority of advanced persistent threats (APTs), which do the most damage, are only discovered after they have been lurking on the network for well over a year, stealthily watching and stealing information.

"What we know for sure is that, in all likelihood, your organisation will suffer a breach at some point, if it hasn't already," he says.

According to Campbell-Young, in order to successfully defend and mitigate attacks, businesses need to understand their nature. "In most cases, the threat actor will have studied the organisation with a view to identifying possible weaknesses. This may include social engineering and scrutinising social media profiles and so on. Many breaches can be linked to phishing or spear phishing attacks, using a covert, stealthy approach to get inside the network."

Once the cyber crook has a foot in the door, the malware will scan the internal network and infiltrate all corners of the infrastructure, compromising additional hosts as it travels. Once it has established itself, the malware will look to release its payload. He says this can mean finding and exfiltrating data, overwriting or destroying data, or even causing disruption. "The possibilities are endless.

"Identifying a breach is just the first step to containing the fallout. Considering that most threats have more than likely been on your network for over a year, infecting other hosts, drawing additional capabilities in, stealing your information; merely trying to remove the malware is inadequate."

Most organisations, once they are aware a breach has occurred, focus on removing the malicious code, but too often only on the initial host. This ignores the full compromise that has already spread into all corners of the infrastructure. It is probably still active, and removing the malware alone will not take the network and its many compromised internal devices out of the attacker's hands.

Businesses need to look beyond traditional security measures if they are to adequately protect themselves. Firstly, you can't remove threats you are unaware of. "This is where network visibility and security intelligence come in. All internal network communications must be visible and monitored to identify and address any anomalous behaviours. Any warnings should be analysed at once, and of course, IT staff must be able to interpret the results," says Campbell-Young.

Incident response should also be elevated, with incident responders empowered to investigate every attack closely and formulate a solution to combat it. "Netflow-based monitoring is a best practice that should be adopted by all organisations," he adds.
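As an added illustration of what netflow-based monitoring of internal traffic can surface (example code written for this page, not Phoenix Distribution's or any vendor's tooling), the script below runs two simple checks over constructed flow records: an internal host reaching an unusual number of other internal hosts, which matches the scanning and spreading behaviour described above, and an internal host pushing a large volume to a single external address, which matches exfiltration. The internal address ranges, record format and thresholds are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address space (an assumption for this example).
INTERNAL = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed NetFlow-style records, src,dst,dport,bytes: .23 fans out across
# the subnet (scan-like), .50 pushes a large volume to one external host.
SAMPLE_FLOWS = """\
10.0.1.23,10.0.1.5,445,1200
10.0.1.23,10.0.1.6,445,1200
10.0.1.23,10.0.1.7,445,1200
10.0.1.23,10.0.1.8,3389,900
10.0.1.23,10.0.1.9,22,600
10.0.1.50,203.0.113.9,443,52000000
10.0.1.12,10.0.1.200,445,4000
10.0.1.12,198.51.100.7,443,30000
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def parse_flows(text):
    flows = []
    for line in text.strip().splitlines():
        src, dst, dport, nbytes = line.split(",")
        flows.append((src, dst, int(dport), int(nbytes)))
    return flows

def internal_scanners(flows, min_hosts=5):
    """Internal sources reaching unusually many distinct internal hosts."""
    fanout = defaultdict(set)
    for src, dst, _, _ in flows:
        if is_internal(src) and is_internal(dst) and src != dst:
            fanout[src].add(dst)
    return {s: len(d) for s, d in fanout.items() if len(d) >= min_hosts}

def outbound_volume(flows, min_bytes=50_000_000):
    """Internal sources sending large totals to a single external host."""
    totals = defaultdict(int)
    for src, dst, _, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst)] += nbytes
    return {k: v for k, v in totals.items() if v >= min_bytes}

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("scan-like fan-out:", internal_scanners(flows))
    print("large outbound transfers:", outbound_volume(flows))
```

In practice the thresholds would be tuned against a baseline of normal internal traffic, and each hit would be handed to the incident responders rather than acted on automatically.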

Lastly, Campbell-Young says companies should feed the information back into their threat detection strategy and into the intelligence community, to improve detection rates and identify possible threats in the future.

Businesses must supplement traditional security approaches and methods with improved incident response, forensic capabilities and network visibility tools. "Understand not only what is coming into the network, but what is already inside," he concludes.


Phoenix Distribution

Phoenix Distribution is currently the leading value-added distributor of software, accessories and peripherals across the African continent, covering software publishing, localisation and product distribution across multiple territories in multiple languages.

The business is segmented into two divisions, namely corporate software licensing and retail product distribution, and Phoenix Distribution dominates the consumer and SME security sectors through key brands, which include: Norton/Symantec, AVG, Kaspersky and Bitdefender. Additional brands within the consumer-focused range include Microsoft software and peripherals, Beats by Dr Dre, Trendnet Wireless products, Monster Cables and mobile accessories.

The corporate licensing division sells volume licensing into the enterprise and SME reseller environments, as well as covering architecture and implementation. The ESD division delivers download content into all channels, including B2B and B2C.

The retail division delivers physical product into the retail environment, covering all mainstream ICT, CES, telco, lifestyle, fashion and sports outlets, as well as independents and online stores. This division delivers direct to outlets and/or customers across sub-Saharan Africa.

Phoenix Distribution is growing at 70% per annum, with additional acceleration coming from development within the greater African marketplace, as well as the acquisition of significant high-end product lines within the enterprise arena. In addition, the company's UK business, PX Security, is firmly entrenched within the UK retail and SME reseller environments, shipping product through trusted distribution partners into mainstream retail outlets and direct engagement with B2B resellers. The UK operation publishes and distributes Bitdefender, Webroot and Avast.

Additional bespoke services offered to partners include electronic software distribution within the B2B and B2C environments, category management, training and end-to-end merchandising.

Phoenix Distribution, including the UK subsidiary PX Security, was recently acquired by First Technology Holdings.

For more information, visit www.phoenixsoftware.co.za, www.pxsecurity.co.uk and www.pxsoftware.co.za.

For purchasing information in Africa, visit www.kasperskyafrica.com, www.kasperskyangola.com, www.kasperskybotswana.com, www.kasperskymozambique.com, www.kasperskynamibia.com, www.kasperskysouthafrica.com, www.kasperskydrcongo.com,
www.kasperskyzimbabwe.com, www.kasperskyzambia.com, www.antivirusangola.com, www.antivirusbotswana.com, www.antivirusmozambique.com, www.antivirusnamibia.com, www.antivirussouthafrica.com, www.antivirusdrcongo.com, www.antiviruszimbabwe.com, and www.antiviruszambia.com.

Editorial contacts

Mia Andric
Exposure
mia@exposureunlimited.net