By: Derek Manky

Global Security Strategist, Fortinet

 

143 million. The number of US consumers potentially affected by the recently announced credit services data breach is staggering. It’s nearly half the US population. And as a credit reporting service, this data includes names, addresses, financial histories, social security numbers, banking information, and even driver’s license numbers. It may take years to fully understand and resolve all of the potential personal and financial implications.

 

The data that was stolen in this attack is especially valuable. Credit cards are cheap and easy to replace, and subsequently have little resale value on the DarkNet. But the data targeted in this case is different. It includes everything a criminal enterprise would need to establish a lucrative identity theft operation, like the one that Fortinet’s FortiGuard team helped Interpol uncover last year in Nigeria. In similar cases that FortiGuard has followed, we have seen such data used for things ranging from identity theft to money laundering, and even the financing of terrorism.

 

For the company hit by this attack, the financial impact will be equally massive. Within hours of the announcement a class action lawsuit was filed. More will likely follow. Their reputation will also likely be affected, and banks and lending institutions that rely on – and pay for – their credit services may be reluctant to touch potentially corrupted information. There are already a number of cybercrime bills working their way through US legislation. Because this is a hot topic, elected officials are likely to be outraged and demand stricter regulations and oversight that could affect the entire industry. And consumers who may potentially end up paying billions for services to help them resolve identity theft issues are likely to hold the company accountable.

 

Breaches like this often happen when network security is focused on the perimeter, but doesn’t adequately protect the network interior. Security professionals have long referred to such perimeter-focused security – whether at the physical edge of the network or data center, deployed to defend web-based services and applications, or protecting the cloud – as “hard and crunchy on the outside, soft and chewy in the middle.” In such a scenario, attackers who are able to crack the hard candy shell surrounding the data have free and often undetected access to the tasty nougat inside.

 

Meanwhile, in addition to wondering whether or not people were individually affected, the other question being asked in board rooms across the country today is what can organizations do – right now – to make sure this doesn’t happen to them? Here are seven critical places to start:

 

1. Prevent Compromise By Practicing Good Hygiene

 

Far too many organizations have neglected their basic patch-and-replace security hygiene. Networks are growing rapidly and span a variety of ecosystems, from IoT to the cloud. Establishing and maintaining an inventory of devices can be challenging. Given the number of successful attacks over the past few months that targeted vulnerabilities for which patches were readily available, and the millions of organizations that were affected as a result, patching isn’t optional, regardless of how hard it may be.

 

It is imperative that every organization establishes and maintains a formal patching and updating protocol. Ideally, this would be automated, tracked, and measured. In addition, a process needs to be implemented to identify and either replace or take offline those systems that can’t or that can no longer be patched.

 

2. Protect Your Network By Creating And Using Signatures

 

While new attacks are a real risk, most breaches are actually caused by attacks that have been around for weeks, months, or sometimes even years. In fact, the vast majority of attacks we see target known vulnerabilities for which a patch has been available for an average of three years. And many target vulnerabilities as much as ten years old. And because these vulnerabilities are known, attacks and exploits targeting those vulnerabilities can be detected using signatures. Signature-based detection tools allow you to quickly look for and block any attempted infiltration, or the execution of an exploit targeting known vulnerabilities.

 

Signature-based tools are also increasingly effective against complex issues like zero-patch environments, such as IoT and other interconnected devices that are increasingly being adopted by organizations and that have been shown to be highly vulnerable to attack.

 

3. Detect And Respond To Zero Day Threats By Using Behavior-Based Analysis

 

Of course, not all threats have a recognizable signature. New sophisticated attacks utilize a number of techniques to circumvent protections and evade detection. Behavior-based security tools are designed to look for covert command & control systems, identify inappropriate or unexpected traffic or device behavior, disable things like zero-day malware variants via detonation chambers/sandboxing, and correlate data to identify and respond to advanced threats.

 

As attacks become more sophisticated, and attackers begin integrating things like AI to improve their ability to penetrate defenses while evading detection, security will need to continue to evolve as well. Advances in intent-based security, for example, will not only check and inspect data and applications crossing into the network for malware, but will provide deep inspection. They will look for patterns and then continuously monitor that traffic in order to determine intent, allowing intelligent security systems to proactively intervene and thwart an attack before it has even begun.

 

4. Deploy Web Application Firewalls

 

While many attacks still leverage tried and true methods for infiltrating a network, such as email-based phishing or targeting known and unpatched vulnerabilities, many threats no longer enter the network through traditional avenues. Web-based attacks are increasingly common, often exploiting the exponential growth in applications – especially those designed to query and mine for information directly in the data center.

 

Because the demand for homegrown and customized web applications has grown so rapidly, many organizations simply do not have the time or resources to adequately test and harden the applications and servers they are deploying. An effective way to close that gap is by implementing a Web Application Firewall (WAF). These security devices are specifically designed to provide deep, high performance inspection of web application traffic far beyond what is provided by traditional NGFW technology.

 

5. Leverage Threat Intelligence

 

Advanced threat intelligence enables organizations to shrink the time to detect threats and close the gap between detection and response. There are a number of threat feeds available that keep organizations up to date regarding the latest threat trends and detected exploits. The challenge is converting this data into usable intelligence and cross-correlating it with your local intelligence and infrastructure. Deploy tools such as SIEM and WAF technologies that can consume that data, convert it into actionable policies, and apply it to protecting your network.

 

At the same time, consider joining a local ISAC (Information Sharing and Analysis Center), especially one designed for your industry or architecture, where you can receive relevant threat intelligence and share what you see with your industry peers.

 

6. Avoid Point Solutions

 

Given the rapid expansion of networks, their dynamic and elastic nature, and the shift from a single perimeter to dozens or even hundreds of potential access and data exchange points, the traditional security strategy of deploying point security devices or platforms at the edge of the network or data center is no longer adequate. Further, traditional point security technologies tend to be isolated, which means they can only see and respond to the threats that pass in front of them.

 

But given the nature of today’s advanced, multi-vector, and highly intelligent threats, security solutions need to be interconnected into a single, cohesive system that can span and adapt to elastic network architectures. This dynamic integration provides transparent visibility across the entirety of the network, which is critical because you can’t defend against a threat you can’t see. In addition, a system of integrated, orchestrated security solutions enables organizations to proactively and intelligently fight cyberattacks wherever they occur.

 

An integrated security framework, like the Fortinet Security Fabric, connects security tools so they can share and correlate information, and enables centralized orchestration, single pane of glass management, and consistent policy distribution. More importantly, it also enables a coordinated response to attacks, automatically hardens security and access points, isolates affected devices and malware, identifies vulnerable or compromised systems, and initiates forensic analysis and remediation.

 

7. Segment Your Network

 

Given the fluid nature of device access, and the wide-ranging flow of applications and data across many of today’s networks, it is more important than ever that you establish and maintain effective and secure network segmentation that prevents threats from spreading horizontally across your network.

 

Organizations can dramatically improve their security by deploying Internal Network Segmentation Firewalls to prevent the proliferation of threats, regardless of whether they managed to breach the security perimeter or compromise an access point, or originated internally. ISFWs may sit in front of specific servers that contain valuable intellectual property, protect a set of user devices or web applications sitting in the cloud, or secure traffic moving between logical divisions of responsibility or lines of business inside an organization.

 

In the case of a data model where massive amounts of data are collected and correlated in a single environment, it is especially critical that segmentation controls be established that can detect threats that have managed to penetrate the perimeter of the data center and are now moving laterally through that environment. Without segmentation and detection tools in place, such threats are free to collect, corrupt, and exfiltrate data. Internal segmentation, micro segmentation, and controls that track and monitor things like behaviors and workflows are essential for today’s data-centric digital businesses.
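
As an added illustration of the internal segmentation checks described in this section (not code from the article or from Fortinet), the following Python example audits flow records against an allow-list of inter-segment paths and flags east-west traffic that skips the intended tiers. The segment names, address ranges, ports and flow records are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed segment map; names and CIDRs are assumptions for this example.
SEGMENTS = {
    "user-lan": ipaddress.ip_network("10.10.0.0/16"),
    "web-dmz": ipaddress.ip_network("10.20.0.0/24"),
    "app-tier": ipaddress.ip_network("10.30.0.0/24"),
    "data-store": ipaddress.ip_network("10.40.0.0/24"),
}

# Only these (source segment, destination segment, destination port) paths
# may cross a segment boundary; any other crossing is a policy violation.
ALLOWED = {
    ("user-lan", "web-dmz", 443),
    ("web-dmz", "app-tier", 8443),
    ("app-tier", "data-store", 5432),
}

# Constructed flow records: "src_ip dst_ip dst_port bytes"
SAMPLE_FLOWS = """\
10.10.4.17 10.20.0.5 443 18220
10.20.0.5 10.30.0.9 8443 90211
10.30.0.9 10.40.0.12 5432 450332
10.20.0.5 10.40.0.12 5432 98234411
10.10.4.17 10.10.9.3 445 1200
10.20.0.5 10.40.0.13 22 5120
10.10.4.17 203.0.113.8 443 3300
"""

def segment_of(ip):
    """Return the segment name containing ip, or None if it is not internal."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), None)

def audit_flows(text):
    """Return flows that cross a segment boundary outside the allow-list."""
    violations = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, port, nbytes = parts[0], parts[1], int(parts[2]), int(parts[3])
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None or s == d:
            continue  # perimeter and intra-segment traffic are out of scope
        if (s, d, port) not in ALLOWED:
            violations.append({"src": src, "dst": dst, "port": port,
                               "bytes": nbytes, "path": f"{s}->{d}"})
    return violations

def summarize_by_source(violations):
    """Per source host: distinct targets reached and total bytes moved."""
    out = defaultdict(lambda: {"targets": set(), "bytes": 0})
    for v in violations:
        out[v["src"]]["targets"].add(v["dst"])
        out[v["src"]]["bytes"] += v["bytes"]
    return {h: {"targets": len(s["targets"]), "bytes": s["bytes"]} for h, s in out.items()}
```

A host in the web tier that reaches the data tier directly, on several ports and with a large byte count, is the kind of lateral movement and bulk collection that segmentation controls are meant to surface.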

 

While the scale of this data breach is alarming, the attack they suffered is not unique. Far too many organizations have adopted state of the art network designs and yet still rely on isolated second-generation security solutions and strategies to protect them. More than ever, security cannot be an afterthought. It requires planning, people, and processes combined with adaptive security technologies that can dynamically scale to today’s digital networks and automatically respond as a single, integrated system to address the advanced cyberthreats targeting them.

