BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Is Your Organization Prepared Against Advanced Persistent Threats?

Posted May 9, 2012    Peter McCalister

An advanced persistent threat (APT) is an attack by which an unauthorized person gains access to the network and stays there undetected for a long period of time. The intent of an advanced persistent threat is often to steal data than to damage the network. Sectors with high-value information, such as defense, manufacturing, financial, telecom verticals and increasingly social networking are the most common targets for APT attacks. The Stuxnet Worm is a good example of APT.

Advanced: sophisticated – hacker has the ability to evade detection and gain and maintain access to well protected networks and sensitive information

Persistent: continues to run until objectives are met – making it difficult to prevent access to your computer network once the threat actor has successfully gained access to your network

Threat: organized and well planned crime – hacker has not only the intent but also the capability to gain access to sensitive information stored electronically originated from the military sector and has been in play for decades.

APT captured media attention in the context of enterprise software, beyond being a mere security buzzword, after Google and Intel admitted to have been targeted by advanced persistent threats aimed at compromising sensitive corporate data and Google’s threat to pull out of China in January 2010. EMC’s announcement that RSA’s SecurID information had been swiped via a sophisticated hack attack in March 2011 further cemented the concerns and need to protect against these sophisticated and organized cyber-attack to access and steal information from compromised systems. Other than Google and RSA, we have also seen Sony and Lockheed Martin be hit by security breaches using advanced persistent threats (APTs).

Following the SecureID hack, Computer World opined that organizations should be proactively prepared for advanced persistent threats or risk being the next RSA. Threat modeling of past attacks, hardening computers’ security settings, implementing strong password policies, implementing application control whitelisting, implementing enterprise wide log management systems with comprehensive alerts and auditing, and most importantly implementing a least-privilege authentication and access control system and policies is critical in battling APT.

Although APT attacks are hard to identify, and combating the APT is a protracted event requiring a sustained effort to rid your networks of the threat, data theft can never be completely invisible. APT requires the victim organization to detect compromised systems, collect evidence, analyze data and remediate threats more rapidly, efficiently and effectively. Detecting anomalies in outbound data may be the best way for an administrator to recognize an APT attack.

Thanks to the persistent nature of APT attacks, traditional security controls do not deter these relentless hackers. A persistent attacker aims at another entry point to the organization – the insider. BeyondTrust, has been securing the perimeter within for over 25 years and gained the leadership position in management and access control for privileged credentials. BeyondTrust has been focused on the accidental and sometimes intentional threats posed by the insider and on Preventing Good People from doing Bad Things.

At BeyondTrust, we believe the first step towards cushioning damages that could be caused by advanced persistent threats, is to not give users access to any resource they don’t require or use. Managing your privileged users’ access and using appropriate delegation policies will significantly reduce the risk posed by APT to your organization.

Leave a Reply

Additional articles

6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,
Password Game Show

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

Posted November 20, 2014    Scott Lang

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices…

Tags:
, , , , , ,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    BeyondTrust Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , , ,