TechForum

Fighting the outsider threat

Businesses need a full view of the network, not just what is entering it, but what is going on inside, says John McLoughlin, MD of J2 Software.


Johannesburg, 03 Nov 2014

It is common sense that the sooner an attack is identified, the faster it can be contained and mitigated, limiting the fallout as much as possible. Businesses need to supplement their traditional security tools and protocols with skilled incident response teams, forensic tools and technologies that provide a full view of the network, not just what is entering the network, but what is going on inside.

In this way, companies can identify whether a breach is happening, what impact it has had, and any ongoing data theft or other malfeasance.

John McLoughlin, MD of J2 Software, says perimeter defences are no longer doing the job. "Today's threats use multiple vectors and means to achieve their aims, and while traditional security measures such as firewalls, DLP and IPS could possibly pick up part of an attack, they are woefully inadequate weapons in the war against advanced threats."

He notes that although malicious software is used for the initial compromise, once inside a network a cyber criminal needs legitimate credentials to move around it, find the information they are after and, in turn, exfiltrate that information.

At one time, advanced persistent threats (APTs) employed reverse backdoors to access compromised networks remotely. However, these threats could be detected through their generation of consistent and routine network traffic. "Today's threats often include a passive backdoor and are more difficult to detect and protect against."

McLoughlin says dynamic defences are the way forward. "Only dynamic defences can hope to fight dynamic attacks. Thorough coverage is needed to fight attacks that happen in multiple stages, across multiple vectors."

The first step, he says, is identifying unusual behaviour on the network. Should anything raise the red flag, a good investigative tool will be able to make a call on whether a breach has occurred or whether it's a false alarm.

"It's not brain surgery," he says. "Organisations cannot fight against threats they cannot see. A solution that offers network visibility, covering all network communications, is needed to augment traditional security systems."

Anomalous behaviour must be detected, and a thorough audit trail of activity on the network must be kept, he explains. Some security intelligence should also be in place, so that potential threats don't take days, or heaven forbid even longer, to analyse. "Make sure your security staff members have the right skills, and are able to examine threats, and make the right call. All incident responders should be able to properly investigate all attacks, and put together a comprehensive mitigation solution."
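The detection idea mentioned earlier in the article (a remote-access backdoor giving itself away through "consistent and routine network traffic") and the call here to detect anomalous behaviour from a kept audit trail can be shown concretely. The script below is an added example, not code from the article or from J2 Software. It assumes a hypothetical outbound-connection log with one line per connection in the form `<epoch_seconds> <src_ip> <dst_ip>:<dst_port> <bytes_out>`, groups connections by source and destination, and flags pairs whose inter-connection gaps are almost constant (low coefficient of variation). The sample log is constructed: one host calls the same destination every five minutes, another reaches the same destination at irregular intervals.

```python
"""Beacon detection over a constructed outbound-connection log.

Assumed log format (hypothetical, not from the article):
    <epoch_seconds> <src_ip> <dst_ip>:<dst_port> <bytes_out>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (deliberately not in time order).
# 10.0.0.5 contacts 203.0.113.7:443 every ~300 s, a routine callback.
# 10.0.0.9 contacts 198.51.100.20:443 at irregular, human-like intervals.
SAMPLE_LOG = """\
1414972800 10.0.0.5 203.0.113.7:443 512
1414972805 10.0.0.9 198.51.100.20:443 2048
1414973100 10.0.0.5 203.0.113.7:443 514
1414973190 10.0.0.9 198.51.100.20:443 9000
1414973401 10.0.0.5 203.0.113.7:443 511
1414973220 10.0.0.9 198.51.100.20:443 700
1414973700 10.0.0.5 203.0.113.7:443 513
1414974002 10.0.0.5 203.0.113.7:443 512
1414975000 10.0.0.9 198.51.100.20:443 3000
1414974300 10.0.0.5 203.0.113.7:443 512
1414976100 10.0.0.9 198.51.100.20:443 1200
1414976130 10.0.0.9 198.51.100.20:443 650
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _nbytes = line.split()
        flows[(src, dst)].append(int(ts))
    return flows


def beacon_score(timestamps):
    """Return (mean_gap_seconds, coefficient_of_variation) for a flow.

    A coefficient of variation near 0 means the gaps between connections
    are almost identical, i.e. the traffic is periodic. None if there are
    too few connections to measure regularity.
    """
    ts = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mu = mean(gaps)
    if mu <= 0:
        return None
    return mu, pstdev(gaps) / mu


def find_beacons(log_text, min_connections=5, max_cv=0.1):
    """Flag (src, dst) pairs whose connection timing is suspiciously regular."""
    findings = []
    for (src, dst), stamps in parse_log(log_text).items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge periodicity
        score = beacon_score(stamps)
        if score is None:
            continue
        period, cv = score
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "count": len(stamps),
                "period_s": round(period),
                "cv": round(cv, 4),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"period ~{hit['period_s']} s, cv={hit['cv']}")
```

On the constructed log only the 10.0.0.5 flow is reported (six connections, roughly 300 s apart). The thresholds are assumptions to tune against a real audit trail: legitimate software update checks and monitoring agents also beacon, so a hit is an investigation lead rather than a verdict, and a backdoor that adds jitter or waits for inbound triggers, as the article's "passive backdoor" does, will not show up in a timing check like this one.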

He adds that cognitive and behavioural biometric controls that monitor how staff act inside an application will provide continuous authentication. "Techniques such as sandboxing, virtualisation and similar will also help keep a business's most sensitive information separate from the main network. A determined attacker will find a way in, that is a given. This can take a matter of minutes, or the attack can involve weeks of planning and preparation. APTs are highly targeted and sophisticated, and far more difficult to prevent than a garden variety malware attack."

A thorough, unified defence that can not only detect anomalous behaviour but also analyse it, mitigate it and limit the damage is the best approach, he concludes.

J2 Software

With global markets in a state of constant flux and companies looking for innovative ways to ensure their survival, more companies are resorting to protecting their market share and optimising their internal resources at all costs. J2 Software has been at the forefront of assisting companies in achieving these goals by providing effective and easy-to-manage data security and policy enforcement solutions.

J2 Software provides solutions and services that allow its customers to leverage technology to reduce risk, improve compliance, cut costs and keep control. The company offers its clients complete peace of mind through the cost-effective delivery of world-beating policy enforcement and compliance solutions, communication cost allocation, data security, encryption and PC protection tools and services.

The company has implemented solutions in South Africa, Angola, Botswana, Kenya, Malawi, Mauritius, Mozambique, Tanzania, Uganda and Zambia.

J2 Software represents SystemSkan, Mimecast, Zscaler, SentryBay, Aspivia, Secude, Avira and Flickswitch.

Editorial contacts
Exposure Mia Andric (+27) 82 564 0087 mia@exposureunlimited.net
J2 Software John Mc Loughlin (+27) 861 00 5896 john@j2.co.za