By: Derek Manky

 

Global Security Strategist,Fortinet

 

143 million. The number of US consumers potentially affected by the recently announced credit services data breach is staggering. It’s nearly half the US population. And as a credit reporting service, this data includes names, addresses, financial histories, social security numbers, banking information, and even driver’s license numbers. It may take years to fully understand and resolve all of the potential personal and financial implications.

 

The data that was stolen in this attack is especially valuable. Credit cards are cheap and easy to replace, and subsequently have little resale value on the DarkNet. But the data targeted in this case is different. It includes everything a criminal enterprise would need to establish a lucrative identity theft operation, like the one

 

that Fortinet’s FortiGuard team helped Interpol uncover last year in Nigeria. In similar cases that FortiGuard has followed, we have seen such data used for things ranging from identity theft to money laundering, and even the financing of terrorism.

 

For the company hit by this attack, the financial impact will be equally massive. Within hours of the announcement a class action lawsuit was filed. More will likely follow. Their reputation will also likely be affected, and banks and lending institutions that rely on – and pay for – their credit services may be reluctant to touch potentially corrupted information. There are already a number of cybercrime bills working their way through US legislation. Because this is a hot topic, elected officials are likely to be outraged and demand stricter regulations and oversight that could affect the entire industry. And consumers who may potentially end up paying billions for services to help them resolve identity theft issues are likely to hold the company accountable.

 

Breaches like this often happen when network security is focused on the perimeter, but doesn’t adequately protect the network interior. Security professionals have long referred to such perimeter-focused security – whether at the physical edge of the network or data center, deployed to defend web-based services and applications, or protecting the cloud – as “hard and crunchy on the outside, soft and chewy in the middle.” In such a scenario, attackers who are able to crack the hard candy shell surrounding the data have free and often undetected access to the tasty nougat inside.

 

Meanwhile, in addition to wondering whether or not people were individually affected, the other question being asked in board rooms across the country today is what can organizations do – right now – to make sure this doesn’t happen to them? Here are seven critical places to start:

 

1.Prevent Compromise By Practicing Good Hygiene

 

Far too many organizations have neglected their basic patch and replace security hygiene. Networks are growing rapidly and span a variety of ecosystems, from IoT to the cloud. Establishing and maintaining an inventory of devices can be challenging. Given the number of successful attacks over the past few months that targeted vulnerabilities for which patches were readily available, and the millions of organizations that were affected as a result, regardless of how hard this may be, patching isn’t optional.

 

It is imperative that every organization establishes and maintains a formal patching and updating protocol. Ideally, this would be automated, tracked, and measured. In addition, a process needs to be implemented to identify and either replace or take offline those systems that can’t or that can no longer be patched.

 

2. Protect Your Network By Creating And Using Signatures

 

While new attacks are a real risk, most breaches are actually caused by attacks that have been around for weeks, months, or sometimes even years. In fact, the vast majority of attacks we see target known vulnerabilities for which a patch has been available for an average of three years. And many target vulnerabilities as much as ten years old. And because these vulnerabilities are known, attacks and exploits targeting those vulnerabilities can be detected using signatures. Signature-based detection tools allow you to quickly look for and block any attempted infiltration, or the execution of an exploit targeting known vulnerabilities.

 

Signature-based tools are also increasingly effective against complex issues like zero-patch environments, such as IoT and other interconnected devices that are increasingly being adopted by organizations and that have been shown to be highly vulnerable to attack.

 

3. Detect And Respond To Zero Day Threats By Using Behavior-Based Analysis

 

Of course, not all threats have a recognizable signature. New sophisticated attacks utilize a number of techniques to circumvent protections and evade detection. Behavior-based security tools are designed to look for covert command & control systems, identify inappropriate or unexpected traffic or device behavior, disable things like zero-day malware variants via detonation chambers/sandboxing, and correlate data to identify and respond to advanced threats.

 

As attacks become more sophisticated, and attackers begin integrating things like AI to improve their ability to penetrate defenses while evading detection, security will need to continue to evolve as well. Advances in intent-based security, for example, will not only check and inspect data and applications crossing into the network for malware, but will provide deep inspection. They will look for patterns and then continuously monitor that traffic in order determine intent, allowing intelligent security systems to proactively intervene and thwart an attack before it has even begun.

 

4. Deploy Web Application Firewalls

 

While many attacks still leverage tried and true methods for infiltrating a network, such as email-based phishing or targeting known and unpatched vulnerabilities, many threats no longer enter the network through traditional avenues. Web-based attacks are increasingly common, often exploiting the exponential growth in applications – especially those designed to query and mine for information directly in the data center.

 

Because the demand for homegrown and customized web applications has grown so rapidly, many organizations simply do not have the time or resources to adequately test and harden the applications and servers they are deploying. An effective way to close that gap is by implementing a Web Application Firewall (WAF). These security devices are specifically designed to provide deep, high performance inspection of web application traffic far beyond what is provided by traditional NGFW technology.

 

5. Leverage Threat Intelligence

 

Advanced threat intelligence enables organizations to shrink the time to detect threats and close the gap between detection and response. There are a number of threat feeds available that keep organizations up to date regarding the latest threat trends and detected exploits. The challenge is converting this data into usable intelligence and cross-correlating it with your local intelligence and infrastructure. And deploy tools such as SIEM and WAF technologies that can consume that data, convert it into actionable policies, and apply it to protecting your network.

 

At the same time, consider joining a local ISAC (Information Sharing and Analysis Centers), especially one designed for your industry or architecture, where you can receive relevant threat intelligence and share what you see with your industry peers.

 

6. Avoid Point Solutions

 

Given the rapid expansion of networks, their dynamic and elastic nature, and the shift from a single perimeter to dozens or even hundreds of potential access and data exchange points, the traditional security strategy of deploying point security devices or platforms at the edge of the network or data center is no longer adequate. Further, traditional point security technologies tend to be isolated, which means they can only see and respond to the threats that pass in front of them.

 

But given the nature of today’s advanced, multi-vector, and highly intelligent threats, security solutions need to be interconnected into a single, cohesive system that can span and adapt to elastic network architectures. This dynamic integration provides transparent visibility across the entirety of the network, which is critical because you can’t defend against a threat you can’t see. In addition, a system of integrated, orchestrated security solutions enables organizations to proactively and intelligently fight cyberattacks wherever they occur.

 

An integrated security framework, like the Fortinet Security Fabric, connects security tools so they can share and correlate information, and enables centralized orchestration, single pane of glass management, and consistent policy distribution. More importantly, it also enables a coordinated response to attacks, automatically hardens security and access points, isolates affected devices and malware, identifies vulnerable or compromised systems, and initiates forensic analysis and remediation.

 

7. Segment Your Network

 

Given the fluid nature of device access, and the wide-ranging flow of applications and data across many of today’s networks, it is more important than ever that you establish and maintain effective and secure network segmentation that prevents threats from spreading horizontally across your network.

 

Organizations can dramatically improve their security by deploying Internal Network Segmentation Firewalls to prevent the proliferation of threats, regardless of whether they managed to breach the security perimeter or compromise an access point, or originated internally. ISFWs may sit in front of specific servers that contain valuable intellectual property, protect a set of user devices or web applications sitting in the cloud, or secure traffic moving between logical divisions of responsibility or lines of business inside an organization.

 

In the case of a data model where massive amounts of data are collected and correlated in a single environment, it is especially critical that segmentation controls be established that can detect threats that have managed to penetrate the perimeter of the data center and are now moving laterally through that environment. Without segmentation and detection tools in place, such threats are free to collect, corrupt, and exfiltrate data. Internal segmentation, micro segmentation, and controls that track and monitor things like behaviors and workflows are essential for today’s data-centric digital businesses.

 

While the scale of this data breach is alarming, the attack they suffered is not unique. Far too many organizations have adopted state of the art network designs and yet still rely on isolated second-generation security solutions and strategies to protect them. More than ever, security cannot be an afterthought. It requires planning, people, and processes combined with adaptive security technologies that can dynamically scale to today’s digital networks and automatically respond as a single, integrated system to address the advanced cyberthreats targeting them


RECOMMENDED ARTICLE FOR TECHWORLD


 
Post Malone Joins HyperX Family
Techworld Date Posted: 26 October 2018 4:21 PM | 629 Views
HyperX, the gaming division of Kingston Technology Company, Inc. has announced the signing of Post Malone, an award-winning global superstar, as a HyperX Gaming Brand Ambassador. An avid Call of Duty console gamer,. See More
 
Post Malone Joins HyperX Family
Techworld Date Posted: 4:21 PM | 629 Views
HyperX, the gaming division of Kingston Technology Company, Inc. has announced the signing of Post Malone, an award-winning global superstar, as a HyperX Gaming Brand Ambassador. An avid Call of Duty console gamer,See More

 
Dragons, Zombies and Superheroes: Top TV Show Disguises Used to Spread Malware
Techworld Date Posted: 5 April 2019 10:20 AM | 340 Views
Cybercriminals are actively using new episodes of popular TV shows to distribute malware, research by Kaspersky Lab has found. Game of Thrones, The Walking Dead, and Arrow are the shows receiving the most attention.... See More
 
Dragons, Zombies and Superheroes: Top TV Show Disguises Used to Spread Malware
Techworld Date Posted: 10:20 AM | 340 Views
Cybercriminals are actively using new episodes of popular TV shows to distribute malware, research by Kaspersky Lab has found. Game of Thrones, The Walking Dead, and Arrow are the shows receiving the most attention...See More

 
COLORFUL Introduces New iGame Line of Pre-Built Gaming Desktops
Techworld Date Posted: 27 June 2019 11:00 AM | 269 Views
COLORFUL Introduces New iGame Line of Pre-Built Gaming Desktops. See More
 
COLORFUL Introduces New iGame Line of Pre-Built Gaming Desktops
Techworld Date Posted: 11:00 AM | 269 Views
COLORFUL Introduces New iGame Line of Pre-Built Gaming DesktopsSee More

 
PLDT Offers Lowest Call Rate to All Networks
Techworld Date Posted: 12 April 2017 2:25 PM | 240 Views
Leading telecoms and digital services provider, PLDT, introduces its lowest call plan offer, the All Net Fam Call 299, starting April. The All Net Fam Call 299 allows subscribers to make 100 minutes of landline.... See More
 
PLDT Offers Lowest Call Rate to All Networks
Techworld Date Posted: 2:25 PM | 240 Views
Leading telecoms and digital services provider, PLDT, introduces its lowest call plan offer, the All Net Fam Call 299, starting April. The All Net Fam Call 299 allows subscribers to make 100 minutes of landline...See More

 
Realme Philippines Offers Wide-Activities for Lazada 12.12 Including Whole-Day Sale of Php5,490 for Realme C1
Techworld Date Posted: 10 December 2018 1:34 PM | 1023 Views
The Realme C1, the #RealEntryLevelKing, redefines the benchmark for entry-level smartphones, packing software and hardware features previously not available in devices in the same price segment.. See More
 
Realme Philippines Offers Wide-Activities for Lazada 12.12 Including Whole-Day Sale of Php5,490 for Realme C1
Techworld Date Posted: 1:34 PM | 1023 Views
The Realme C1, the #RealEntryLevelKing, redefines the benchmark for entry-level smartphones, packing software and hardware features previously not available in devices in the same price segment.See More

 
Symantec Protects Office 365 with Industry-Leading Data Loss Prevention and New Data Rights Management
Techworld Date Posted: 2 October 2018 11:30 AM | 222 Views
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, today announced new enhancements to its Data Loss Prevention (DLP) technology to protect information in Office 365. With Symantec DLP, data is protected whether.... See More
 
Symantec Protects Office 365 with Industry-Leading Data Loss Prevention and New Data Rights Management
Techworld Date Posted: 11:30 AM | 222 Views
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, today announced new enhancements to its Data Loss Prevention (DLP) technology to protect information in Office 365. With Symantec DLP, data is protected whether...See More

 
Fujitsu Global Delivery Center (GDC) in the Philippines Is Recognized for Its Outstanding Environmental Contribution by the Philippine Economic Zone Authority (PEZA)
Techworld Date Posted: 11 June 2019 10:17 AM | 623 Views
Fujitsu’s Global Delivery Center (GDC) in the Philippines received the Outstanding Environmental Project Award from the Philippine Economic Zone Authority (PEZA) during the PEZA 24th Anniversary and Investors’ Recognition Night held recently at the.... See More
 
Fujitsu Global Delivery Center (GDC) in the Philippines Is Recognized for Its Outstanding Environmental Contribution by the Philippine Economic Zone Authority (PEZA)
Techworld Date Posted: 10:17 AM | 623 Views
Fujitsu’s Global Delivery Center (GDC) in the Philippines received the Outstanding Environmental Project Award from the Philippine Economic Zone Authority (PEZA) during the PEZA 24th Anniversary and Investors’ Recognition Night held recently at the...See More

 
Pascual Laboratories Partners with ePLDT, PLDT Enterprise to Address ‘Long Distance Work Relationship’
Techworld Date Posted: 25 October 2018 2:19 PM | 480 Views
ePLDT, the industry-leading enabler of digital enterprise solutions in the Philippines, and PLDT Enterprise — the B2B arm of PLDT — recently entered into a strategic engagement with one of the Philippines’ top pharmaceutical.... See More
 
Pascual Laboratories Partners with ePLDT, PLDT Enterprise to Address ‘Long Distance Work Relationship’
Techworld Date Posted: 2:19 PM | 480 Views
ePLDT, the industry-leading enabler of digital enterprise solutions in the Philippines, and PLDT Enterprise — the B2B arm of PLDT — recently entered into a strategic engagement with one of the Philippines’ top pharmaceutical...See More

 
Synology® Announces DiskStation DS1618+
Techworld Date Posted: 21 May 2018 4:45 PM | 212 Views
Synology® Inc. today launched DiskStation DS1618+, a 6-bay NAS featuring the Intel Atom® C3538. For tech enthusiasts and small to medium sized businesses, DS1618+ is the perfect all-in-one solution for file serving, application hosting,.... See More
 
Synology® Announces DiskStation DS1618+
Techworld Date Posted: 4:45 PM | 212 Views
Synology® Inc. today launched DiskStation DS1618+, a 6-bay NAS featuring the Intel Atom® C3538. For tech enthusiasts and small to medium sized businesses, DS1618+ is the perfect all-in-one solution for file serving, application hosting,...See More

 
Kaspersky Detects Over 14 Million Phishing Attempts in Southeast Asia for H1 2019
Techworld Date Posted: 6 September 2019 5:12 PM | 429 Views
Kaspersky Detects Over 14 Million Phishing Attempts in Southeast Asia for H1 2019. See More
 
Kaspersky Detects Over 14 Million Phishing Attempts in Southeast Asia for H1 2019
Techworld Date Posted: 5:12 PM | 429 Views
Kaspersky Detects Over 14 Million Phishing Attempts in Southeast Asia for H1 2019See More


Power by

Download Free AZ | Free Wordpress Themes