14 Cybersecurity For Dummies, Palo Alto Networks Edition

✓ Numerous opportunities exist to detect and correlate. By virtue of the fact that multiple steps are involved in the advanced attack lifecycle, there are multiple chances to identify and counter threats.

✓ The framework, rather than the functionality, is the threat. If an attacker can infect targets, persist on, communicate with, and manage infected hosts, then the attacker can do almost anything. See the threat as an extensible framework, not simply as the functionality of the specific payload.

✓ Threats exist across multiple disciplines, so too must security. Firewalls, intrusion prevention, antivirus, content filtering — these security solutions have traditionally been separated to provide “defense in depth.” But this strategy makes it difficult — if not impossible — to identify, correlate, and counter complex, coordinated attacks that take advantage of multiple attack vectors, including:

• Applications: Can hide and enable threats.
• URLs and websites: Can host and enable threats.
• Exploits: Create shell access to the target.
• Malware: Controls and uses the compromised target.
• Files: Used to update malware and steal data.

✓ Security must expand beyond the perimeter. Organizations need to focus on expanding visibility beyond the network perimeter — both inward and outward. This is best accomplished with network segmentation and a next-generation firewall to enforce central controls on internal and external (such as remote and mobile access) network traffic.

The sky is NOT falling! Today’s threats are not so advanced that they are impossible to control. They are not completely new, just more common and better organized. Solutions do exist, and organizations can adopt best practices and adapt to changes in the threat landscape. Don’t fall into the “APT ate my homework” trap! The attackers have evolved, but security has as well.

These materials are © 2014 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
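The "multiple chances to detect and correlate" point above, as an added example that is not from the book or from Palo Alto Networks: a small correlator over constructed events, one per attack vector listed above, that flags a host only when several lifecycle stages cluster within a time window. All hosts, stage names, and control names are assumed sample values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the book). Each row is one alert from a
# different security control, mapped to a stage of the attack lifecycle:
# (timestamp, host, reporting control, lifecycle stage)
SAMPLE_EVENTS = [
    ("2014-03-01T09:00:00", "10.0.0.5", "url-filter", "malicious_url"),
    ("2014-03-01T09:00:12", "10.0.0.5", "ips", "exploit"),
    ("2014-03-01T09:01:30", "10.0.0.5", "av", "malware_download"),
    ("2014-03-01T09:05:00", "10.0.0.5", "firewall", "c2_beacon"),
    ("2014-03-01T10:00:00", "10.0.0.9", "url-filter", "malicious_url"),  # lone hit
    ("2014-03-02T09:00:00", "10.0.0.7", "ips", "exploit"),
    ("2014-03-03T09:00:00", "10.0.0.7", "firewall", "c2_beacon"),  # a day later
]

# Order in which stages appear in the lifecycle, used only to print chains.
STAGE_ORDER = ["malicious_url", "exploit", "malware_download", "c2_beacon", "file_exfil"]


def correlate(events, window=timedelta(hours=1), min_stages=2):
    """Return {host: [(stage, control), ...]} for hosts whose alerts cover at
    least `min_stages` distinct lifecycle stages within `window` of each other.
    A single alert from one control is not reported; a chain across controls is."""
    by_host = defaultdict(list)
    for ts, host, control, stage in events:
        by_host[host].append((datetime.fromisoformat(ts), control, stage))

    findings = {}
    for host, evs in by_host.items():
        evs.sort()  # chronological
        best = {}
        # Sliding window: starting at each event, collect the distinct stages
        # seen before the window closes; keep the widest chain found.
        for i, (t0, _, _) in enumerate(evs):
            stages = {}
            for t, control, stage in evs[i:]:
                if t - t0 > window:
                    break
                stages.setdefault(stage, control)
            if len(stages) > len(best):
                best = stages
        if len(best) >= min_stages:
            chain = sorted(best, key=lambda s: STAGE_ORDER.index(s) if s in STAGE_ORDER else len(STAGE_ORDER))
            findings[host] = [(s, best[s]) for s in chain]
    return findings


if __name__ == "__main__":
    for host, chain in correlate(SAMPLE_EVENTS).items():
        print(host, " -> ".join(f"{stage}({ctrl})" for stage, ctrl in chain))
```

Widening the window (for example to two days) also surfaces the slower chain on the second host, which is the trade-off between catching patient attackers and tolerating more noise.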
Chapter 2

The Role of Malware in Advanced Persistent Threats (APTs)

In This Chapter
▶ Understanding how malware became a networked threat
▶ Examining real-world threats to the enterprise
▶ Identifying unique traits of advanced malware

The rise of advanced malware is reshaping the threat landscape and forcing enterprises to reassess how they protect themselves. Collectively, advanced malware has outpaced traditional anti-malware strategies and, in the process, has established a foothold within the enterprise that criminals and nation-states can use to steal information and attack sensitive assets.

In this chapter, you learn about this new class of threat that has come to be known as advanced malware — bots, botnets, and bot-herders, what makes them tick, and what makes them particularly nasty.

Recognizing Key Characteristics of Advanced Malware

Enterprise information security teams have been doing battle with various types of malware for more than two decades. However, all of this hard-earned experience does not mean
Glossary 65

SSL: Secure Sockets Laye