Countering Advanced Persistent Threats with Comprehensive Network Security

by VPNHaus | 08/19/2013 | 2 Factor Authentication, Endpoint Management, IPsec, Posts, Rethink Remote Access, SSL, VPN

The technological savvy and tenacity of cyber criminals has never been greater, and IT administrators trying to prepare for impending attacks are often left backpedaling. With all of the different ways a corporate network may be attacked, IT administrators must strive to implement a comprehensive remote access security framework within their enterprises. Especially with the proliferation of mobile devices running a wide variety of operating systems being used to access the network, companies need to make sure they have all of their bases (or, in this case, endpoints) covered.

While traditional attacks, such as viruses, spyware or bot infections, are far from extinct, advanced persistent threats (APTs) have recently been garnering a lot of attention. APTs give IT teams headaches because they are extremely stealthy in nature and are almost always aimed at a very specific target. Traditional attacks are generally created to quickly harm the machine and network they’re infiltrating, finishing before they can be detected by the network’s intrusion detection system (IDS). APTs, on the other hand, are designed to remain in the network undetected for extended periods of time, all the while stealing sensitive company data. The wide range of methods and vulnerabilities these attacks use to gain access is what makes them so tricky to discover. Unfortunately, once an attack has commenced, it usually takes an IT administrator noticing anomalies in outbound data before anyone realizes there is a problem at all. Sophisticated APTs can be very difficult to spot, especially without the right framework in place.

One recent example of an APT struck the New York Times. It appears that the cyberespionage group responsible for the attacks used evolved variants of the Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe malware to gain access to the publication’s network. According to experts from security firm FireEye, the hackers updated the malware to use new network patterns to remain undetected by traditional network security systems. So how exactly can a comprehensive security framework protect enterprises from APTs?

It starts with implementing a defense-in-depth strategy that provides enough redundancy to keep a network operational in case of a security breach, and ensures constant network monitoring to stop attacks before they spread. Further, a comprehensive framework allows security controls and components to be in constant communication with one another.

At a more granular level, to protect corporate networks from APTs, having the right network access control (NAC) mechanisms is crucial. Companies should implement attribute-based access control (ABAC) to grant or deny access to information based on various roles and attributes of the user and session, such as whether the user is on a trusted connection, where they are accessing the network from, etc. Role-based access control (RBAC) can further restrict network access by limiting information to certain people within the organization, regardless of their device (e.g. only C-level executives).

Additionally, as we’ve previously discussed, two-factor authentication can go a long way in terms of providing another security layer. For example, IT administrators using a two-factor authentication system may only permit certain devices to access the network remotely and only when the aforementioned credentials are met.
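As an added example (not code from the original post or from VPNHaus), the following Python policy check combines the attribute checks described above (trusted connection, location, enrolled device, verified second factor) with a role check on the requested resource: every check must pass and access is denied by default. The enrolled-device list, allowed-country list and resource-to-role map are constructed sample data.

```python
from dataclasses import dataclass
from typing import Tuple, FrozenSet


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: FrozenSet[str]   # RBAC: roles the user holds
    resource: str           # what the user is trying to reach
    device_id: str          # identifier of the endpoint making the request
    connection: str         # "vpn" (trusted tunnel) or "public"
    country: str            # where the session originates
    mfa_verified: bool      # second factor already presented for this session


# Constructed sample data standing in for an enterprise's NAC configuration.
ENROLLED_DEVICES = {"lt-0042", "lt-0107"}          # devices IT permits for remote access
ALLOWED_COUNTRIES = {"US", "DE"}                    # locations remote access is allowed from
RESOURCE_ROLES = {                                  # roles allowed per resource (deny by default)
    "finance-share": {"finance", "c-level"},
    "board-minutes": {"c-level"},
}


def evaluate(req: AccessRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). The first failing check explains the denial."""
    # ABAC: session attributes must all be acceptable before roles are even considered.
    if req.connection != "vpn":
        return False, "untrusted connection"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "location not permitted"
    if req.device_id not in ENROLLED_DEVICES:
        return False, "device not enrolled for remote access"
    if not req.mfa_verified:
        return False, "second factor not verified"
    # RBAC: the user must hold at least one role permitted for the resource.
    permitted = RESOURCE_ROLES.get(req.resource, set())
    if not (req.roles & permitted):
        return False, "role not permitted for resource"
    return True, "allowed"


if __name__ == "__main__":
    req = AccessRequest("alice", frozenset({"c-level"}), "board-minutes",
                        "lt-0042", "vpn", "US", True)
    print(req.user, req.resource, evaluate(req))
```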

Efficient NAC, along with other secure remote access technologies such as firewalls and hybrid IPsec / SSL VPNs, provides enterprises with the comprehensive security needed to protect sensitive company data. While cybercriminals will attempt to outmaneuver these security controls, establishing this holistic framework gives them extra hurdles to clear. It may be just the thing to help IT admins stop backpedaling and be more proactive about protecting their corporate network.