
Attacker point of view

Real data, real attacks

Unlike many industry reports of this type, our findings are based on actual deployments at real customers. We don’t scour the headlines to see which attacks were most prevalent, or ask trade show attendees what their biggest concerns might be. We monitor breach methods in real production environments, then take the anonymized data and highlight which attacks are best at thwarting or bypassing security controls, along with other key trends.
Defense-in-depth is dead?
It appears most companies keep a strong focus on perimeter security against network-based attacks, but do little to block malicious file transfers at the network level. File-level scanning seems to have been pushed all the way down to the endpoint alone, which negates the defense-in-depth strategy of having multiple, overlapping layers of protection across the kill chain.
Additionally, we saw a high rate of success for attacks that moved laterally once inside the network. In fact, the top lateral-movement techniques each succeeded roughly two-thirds of the time. This means that in the majority of cases, a threat that beats perimeter defenses is free to spread. In a world where devices are constantly on the move, the LAN is no longer a safe space. We can’t assume that internal traffic is safe; we have to implement internal defenses. Truthfully, we should never assume our internal traffic is more trustworthy than Internet traffic.
It’s only stealing if you actually take something
We continue to see a high rate of success for outbound attack methods. This again means that enterprises are often spending all their resources on keeping threats from entering the network, and little on what leaves it. Even simple outbound techniques, such as exfiltration over HTTP POST and GET requests or over NTP, succeeded up to 56% of the time.
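The two findings above (lateral movement that nobody watches, and exfiltration over HTTP and NTP that nobody blocks) are both visible in ordinary flow or connection logs if someone looks. The following Python is an added example, not code from the report or its authors: it runs three simple detections over a handful of constructed flow records (invented addresses from the documentation ranges, not real customer data). The admin-port list, the 10.0.0.0/8 "internal" range, the hypothetical approved NTP server 10.1.2.1, and the thresholds are all assumptions to be tuned per environment.

```python
"""Flow-log detections for east-west fan-out and outbound exfiltration (added example)."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (invented for this example, not data from the report).
# Fields: start time, source IP, destination IP, protocol, destination port,
#         packets from source, payload bytes from source.
FLOWS = [
    ("2024-03-01T09:00:05", "10.1.2.10", "10.1.2.11", "tcp", 445, 12, 2300),
    ("2024-03-01T09:00:09", "10.1.2.10", "10.1.2.12", "tcp", 445, 9, 1800),
    ("2024-03-01T09:00:14", "10.1.2.10", "10.1.2.13", "tcp", 3389, 30, 6100),
    ("2024-03-01T09:00:20", "10.1.2.10", "10.1.2.14", "tcp", 5985, 15, 4100),
    ("2024-03-01T09:00:31", "10.1.2.10", "10.1.2.15", "tcp", 445, 10, 2000),
    ("2024-03-01T09:05:00", "10.1.2.20", "10.1.2.50", "tcp", 445, 40, 9000),       # one file-server visit: normal
    ("2024-03-01T09:10:00", "10.1.2.10", "203.0.113.7", "udp", 123, 400, 60000),   # "NTP" at 150 B/pkt to a stranger
    ("2024-03-01T09:10:00", "10.1.2.20", "10.1.2.1", "udp", 123, 1, 48),           # normal 48-byte NTP request
    ("2024-03-01T09:12:00", "10.1.2.10", "198.51.100.9", "tcp", 443, 2000, 52_000_000),  # 52 MB pushed out
    ("2024-03-01T09:12:30", "10.1.2.20", "198.51.100.9", "tcp", 443, 120, 150_000),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # assumption: the site's internal range
ADMIN_PORTS = {22, 135, 445, 3389, 5985, 5986}         # SSH, RPC, SMB, RDP, WinRM
APPROVED_NTP = {"10.1.2.1"}                             # hypothetical approved time server


def parse(flows):
    """Turn the tuples above into dicts with typed timestamps and addresses."""
    return [
        {"ts": datetime.fromisoformat(ts), "src": ipaddress.ip_address(src),
         "dst": ipaddress.ip_address(dst), "proto": proto, "dport": dport,
         "pkts": pkts, "bytes": nbytes}
        for ts, src, dst, proto, dport, pkts, nbytes in flows
    ]


def lateral_fanout(records, window=timedelta(minutes=10), min_targets=4):
    """Internal sources that reached >= min_targets distinct internal hosts on admin ports
    within `window`. One host touching a file server is normal; one host sweeping five
    peers over SMB/RDP/WinRM in thirty seconds is how lateral movement looks in flow data."""
    by_src = defaultdict(list)
    for r in records:
        if (r["src"] in INTERNAL and r["dst"] in INTERNAL
                and r["proto"] == "tcp" and r["dport"] in ADMIN_PORTS):
            by_src[r["src"]].append(r)
    hits = {}
    for src, rs in by_src.items():
        rs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(rs):                      # sliding window over the sorted flows
            targets = {r["dst"] for r in rs[i:] if r["ts"] - first["ts"] <= window}
            if len(targets) >= min_targets:
                hits[str(src)] = len(targets)
                break
    return hits


def ntp_anomalies(records, max_avg_payload=68):
    """udp/123 flows whose average payload per packet exceeds a normal NTP request
    (48 bytes, up to 68 with a MAC) or whose server is not on the approved list.
    Either one is a sign of data riding inside 'time sync' traffic."""
    findings = []
    for r in records:
        if r["proto"] != "udp" or r["dport"] != 123:
            continue
        avg = r["bytes"] / r["pkts"]
        reasons = []
        if avg > max_avg_payload:
            reasons.append(f"avg {avg:.0f} B/pkt")
        if str(r["dst"]) not in APPROVED_NTP:
            reasons.append("unapproved server")
        if reasons:
            findings.append((str(r["src"]), str(r["dst"]), reasons))
    return findings


def http_egress_outliers(records, max_bytes=10_000_000):
    """(source, destination) pairs where an internal host pushed more than max_bytes
    to one external endpoint over 80/443: the HTTP POST/GET exfil case."""
    totals = defaultdict(int)
    for r in records:
        if (r["src"] in INTERNAL and r["dst"] not in INTERNAL
                and r["proto"] == "tcp" and r["dport"] in (80, 443)):
            totals[(str(r["src"]), str(r["dst"]))] += r["bytes"]
    return {k: v for k, v in totals.items() if v > max_bytes}


if __name__ == "__main__":
    recs = parse(FLOWS)
    print("lateral fan-out:", lateral_fanout(recs))
    print("NTP anomalies:", ntp_anomalies(recs))
    print("HTTP egress outliers:", http_egress_outliers(recs))
```

All three functions point at the same host, 10.1.2.10, which is the pattern the report describes: beat the perimeter once, sweep the LAN unchallenged, then walk the data out over a protocol the egress policy never looks at. None of this needs new products, only flow records the network already produces and a few thresholds.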
Ransomware wins because we let it
There has been a lot of discussion about how best to defend against ransomware: keeping good backups, patching, and more. But we also have to remember that ransomware signatures are known, and our security controls can block those known samples. Sadly, we saw that in many cases even older, well-known ransomware was not blocked in the network; it passed through the perimeter all the way to the host’s disk without difficulty.
Again, defense in depth teaches us that we should have overlapping defenses: network-level AV or anti-malware as well as endpoint protection, so that if one control misses a signature, the other may still catch it. Given how often ransomware got through, it would appear that many enterprises are relying on endpoint security as a single line of defense.

The bottom line

Our defenses are only as good as their configuration, and in many cases that configuration simply isn’t optimized. By automating attack simulation and finding where existing controls are poorly tuned or misconfigured, companies can improve their security posture with what they already have. Free security? It sounds almost too good to be true, but it is what the data shows.
So, is your configuration up to snuff? There’s only one way to be sure...
