The Information Age has connected us in ways our ancestors could never have imagined, and with the wondrous bounty of knowledge and connection, so too has come a new breed of powerful and illusive adversary. With blow after blow, many security teams are feeling more and more overwhelmed by the challenges of modern, organized cyber-crime.  Take heart, my friends, we can beat the trend together.

For several decades my colleagues and I here at Tripwire have been helping cyber-security teams across the world catch these opponents in the act, and I think it’s fair to say that we’re quite well known for this, among other things.

It’s a simple truth that the faster we catch an attacker, the better off we’ll be. What’s less obvious is just how important this swiftness is. Consider the likely phases of the Target breach for instance:

Hypothetical Target Attack Timeline

  1. First there is reconnaissance – our wary attacker had to get the lay of the land, and decide if Target was even worth attacking. It must have looked like a juicy prospect, if it could be cracked.
  2. Next the enemy had to probe, or enumerate Target’s infrastructure for vulnerabilities in their defenses. It’s clear that there was at least one missing scale in Target’s armor. This process can take days, or even weeks.
  3. Exploitation of these cracks clearly followed, allowing the intruder to break further into Target’s cyber-defenses.  This is usually a quick process, yet it’s typically a traumatic event for systems that leaves digital fingerprints everywhere – which can be found if we look in the right places.
  4. Typically these first three steps are repeated over and over, providing lateral movement and creating a kill-chain linking them to their target’s inner sanctum; in this case – a hoard credit card data.
  5. Finally there was an exfiltration stage, where we now know that roughly 40 million credit card records were pulled from Nov. 27th to Dec. 15th. There were just over two weeks to detect this activity, with the damage growing by the second.

If the infiltrator’s work was caught in any of the steps besides the last, our credit cards would be safe, there would be no lawsuits, and Target’s reputation would be protected.  Not to mention Info-Sec would have the chance to heroically save the day – magnificent!

In my humble opinion it’s well past time that we, in the security industry, give integrity monitoring and intrusion detection systems the level of attention that they deserve.   We simply can’t afford to miss what they can tell us.

 

Related Articles:

 

picTripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

This publication is designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture.

The author, a security and compliance architect, examined each of the Controls and has distilled key takeaways and areas of improvement. At the end of each section in the e-book, you’ll find a link to the fully annotated complete text of the Control.

Download your free copy of The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities today.

pic

 

Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.

* Show how security activities are enabling the business

* Balance security risk with business needs

* Continuously improve your extended enterprise security posture

 

Title image courtesy of ShutterStock

Categories ,

Tags , , , , , , , , , ,


Leave a Reply

Alexandre Cox

Alexandre Cox has contributed 2 posts to The State of Security.

View all posts by Alexandre Cox >