By Craig D’Abreo, Masergy VP of Security Operations
The last line of cyber security defense for most organizations is endpoint security. Virtually all customers deploy some form of antivirus and anti-malware software on PCs, laptops, mobile devices and their trusted computing base (TCB). Some customers have also deployed Host Intrusion Detection/Prevention agents (HIDS/HIPS) on TCB servers. Beyond antivirus and anti-malware software, a much smaller percentage of customers (<15%) employ a more sophisticated endpoint security solution designed to validate endpoint security compliance before allowing user devices onto the network. We must address the risks posed by the end-user.
With the proliferation of web, email and social media, users are only one click away from compromising their devices and the corporate network. Many laptops operate outside corporate network defenses, leaving their users even more exposed. In an era of mobile computing, employees often visit questionable websites and use free software associated with social media and web applications, which provides fertile ground for the introduction of malware; that malware is then “hand-carried” inside the network when they return to work.
Advanced Persistent Threats (APTs) also pose serious challenges and are on the rise. An APT is a breach that appears to emerge from within an organization’s network because it targets the path of least resistance: the mobile end-user. Once the APT is “hand-carried” into the middle of the network on a compromised laptop or mobile device, it is able to replicate in a peer-to-peer fashion, roam the network undetected, and stealthily establish an encrypted connection back to a hacker’s command and control website. APTs are purposely designed to leverage zero-day exploits and polymorphism to evade signature detection technology, and then infiltrate systems by exploiting the inherent trust between operating system components. As a result, it is well documented that endpoint security solutions catch only about 30% of malware. While APTs are generally associated with high-profile breaches such as Home Depot and Target, they are far more prevalent than you might think. In a 2013 survey conducted by the Information Systems Audit and Control Association (ISACA), one in five enterprises had experienced an APT attack. This growing awareness of APTs throughout the IT industry has provided inspiration to augment traditional defenses with advanced threat protection solutions as part of a Defense-in-Depth strategy.
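The command-and-control connection described above is one of the few behaviours a defender can observe on the network even when the endpoint agent misses the malware itself: the implant typically calls home on a fixed schedule, so outbound connections from one host to one destination arrive at nearly regular intervals. The following script is an added example (not Masergy’s code, not a product described on this page) that scores constructed outbound-connection records for that regularity. The host name `LAPTOP-17`, the documentation-range IPs, the timestamps and the thresholds `min_connections` and `max_cv` are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (hypothetical host and
# documentation-range IPs): timestamp, source host, destination IP, port.
# 203.0.113.5 is contacted roughly every five minutes; 198.51.100.10 is
# irregular background traffic.
SAMPLE_LOG = """\
2015-03-02T09:00:00 LAPTOP-17 203.0.113.5 443
2015-03-02T09:00:04 LAPTOP-17 198.51.100.10 443
2015-03-02T09:05:01 LAPTOP-17 203.0.113.5 443
2015-03-02T09:07:33 LAPTOP-17 198.51.100.10 443
2015-03-02T09:10:00 LAPTOP-17 203.0.113.5 443
2015-03-02T09:15:02 LAPTOP-17 203.0.113.5 443
2015-03-02T09:20:01 LAPTOP-17 203.0.113.5 443
2015-03-02T09:25:00 LAPTOP-17 203.0.113.5 443
2015-03-02T09:30:01 LAPTOP-17 203.0.113.5 443
2015-03-02T09:31:47 LAPTOP-17 198.51.100.10 443
"""


def parse_log(text):
    """Parse whitespace-separated records into (datetime, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def find_beacons(records, min_connections=5, max_cv=0.15):
    """Flag (src, dst, port) tuples whose connection gaps are suspiciously regular.

    Regularity is measured as the coefficient of variation (standard deviation
    divided by mean) of the inter-connection gaps; a real beacon with little
    jitter has a CV close to zero, while human-driven browsing does not.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in records:
        by_pair[(src, dst, port)].append(ts)

    findings = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few samples to say anything about periodicity
        times.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; not a usable interval series
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "port": port,
                "connections": len(times),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}:{hit['port']} "
              f"every ~{hit['mean_interval_s']}s over {hit['connections']} "
              f"connections (cv={hit['cv']})")
```

On the constructed sample only the five-minute series to 203.0.113.5 is reported; the irregular destination falls below `min_connections` and would also fail the CV test. In practice this check is a triage signal, not a verdict: software update checks and monitoring agents also beacon, so hits should be enriched with destination reputation and the process that opened the socket, and implants that add random jitter need a looser `max_cv` or a longer observation window.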
In our next installment, we’ll discuss the Defense-in-Depth approach to cyber security in more detail. In the meantime, learn how Masergy’s 360 Living Security Audit can help detect APTs.