CS Sep-Oct 2021
APTs
malware to install backdoors that bypass authentication.
The defence-in-depth model needs to evolve to stay relevant by adopting automated security and a zero-trust model, she points out. "With this model, security teams can scale their efforts in the constantly-changing world of cybersecurity. There are different levels of traditional cybersecurity tools, such as firewalls, antivirus, and defence in depth (IPS, IDS), which aren't enough against an attack by an APT. Still, they are necessary as essential foundational must-haves from a security standpoint. Advanced security consisting of network devices with sandboxing systems, new generation SIEM, EDR and subscriptions to cyber intelligence services are essential to detect and respond to attacks of the APT magnitude. Early detection of APT attacks is critical for successful mitigation before networks are compromised and sensitive data is exposed."
"APT is a multi-faceted attack and defences must include multiple techniques, such as email filtering, endpoint protection, privileged access management, and visibility into the traffic and user behaviour," continues Sundaresan, expanding on these as follows:

Email filtering: "Most APT attacks leverage phishing to gain initial access. Filtering emails, and blocking malicious links or attachments within emails, can stop these penetration attempts."

Endpoint protection: "Most APT attacks involve the takeover of endpoint devices. Advanced anti-malware protection and Endpoint Detection and Response can help identify and react to compromise of an endpoint by APT actors."

Access control and Privileged Access Management: "Strong authentication measures and close management of user accounts, with a particular focus on privileged accounts, can reduce APT risks."

Monitoring of traffic, user and entity behaviour: "Visibility and monitoring can help identify penetrations, lateral movement and exfiltration at different stages of an APT attack."
As the definition of APT implies success against you and your organisation, never has detection and response been so important, she concludes. "Preparation is paramount; the fight against APT is a continuous effort," she warns. "Organisations need to become aware of the nature of these attacks, and the types of effective practices and technologies that can help to combat them."
MURKY DEPTHS<br />
For years, threat actors, like nation states and cybercriminals, had distinct motivations and different tools, comments Sam Curry, chief security officer, Cybereason. "Nation states, or 'advanced persistent threats' as we called them, moved like submarines, stalking ships in the waters of target networks, carrying out the policies of their governments and providing asymmetric options, aside from the normal diplomatic, economic, and military strategies and tactics.
"By contrast, the fight against cybercriminals more resembled battleship warfare than submarine. The motivation among criminals was profit and, as such, it was about maximising the number of victims and wringing every drop from an infection for as long as possible. Even in the old days, the security industry was not up to the task of stopping either the malicious operations of nation states or the smash-and-grab theft of cybercriminals."
The silver lining, however, adds Curry, is the emergence of endpoint detection and response (EDR), which is often mistaken for a mere extension of existing endpoint protection technologies like antivirus or personal firewalls. "It is a tool for finding the

Sam Curry, Cybereason: nation states moved like submarines, stalking ships in the waters of target networks.

Bindu Sundaresan, AT&T Cybersecurity: the defence-in-depth model needs to evolve to stay relevant.
www.computingsecurity.co.uk @CSMagAndAwards September 2021 computing security
33