As we have previously written, the adversaries behind today’s sophisticated APT attacks targeting enterprises aren’t jaded punks or script kiddies – they’re seasoned professionals with a specific political, economic or social agenda.
However, as notorious as these adversaries can be — often inflicting millions of dollars (US) worth of damage and leaving behind a legacy of compromised servers, systems and devices, not to mention shattered business reputations and litigation nightmares — security experts are warning enterprises to be vigilant about another kind of cyber attacker: one that emanates from within.
“We are seeing a lot of data breaches that revolve around abuse of privileged user rights and other internal threats,” commented Vormetric’s CSO Sol Cates, whose company along with the Enterprise Strategy Group (ESG) recently claimed the biggest threat facing today’s enterprises is from rogue employees with an axe to grind – or, more often, with the desire to steal and sell intellectual property.
The claim, which was part of the recent report “The Ominous State of Insider Threats”, also pointed out that in a survey of executives at mid-size and large enterprises:
- 97% felt that they were at least somewhat vulnerable to cyber attacks from within
- 63% felt vulnerable to abuse of privileged user rights by employees
- 54% believe that it’s harder now to identify and stop cyber attacks from within than it was just two years ago
- 46% admit that, despite improvements made to strengthen their network defense system, they feel more exposed to a cyber attack from within than ever before
As for addressing the internal vulnerability, ESG’s senior principal and the report’s author John Oltsik suggested that enterprises adopt a “least privilege” policy by giving employees, IT administrators and all others with access to the network the least amount of data required to do their job. He also recommended that enterprises use encryption, and continuously monitor network traffic.
Oltsik’s last recommendation, continuous monitoring of network traffic, is particularly effective for identifying elusive APT attacks. However, conventional security gateways can’t do this, because they don’t go deep enough to discover 100% of threats, especially hidden or unknown malware.
What’s more, the software and hardware costs required to overcome these limitations, not to mention the costs of hiring a team of security experts to manage the process, aren’t merely excessive; for most enterprises, they’re prohibitive.
Fortunately, Seculert can efficiently and cost-effectively analyze network traffic via a cloud-based, non-intrusive service that operates completely outside the corporate network – so there’s no hardware or software to buy or install, and no new security experts to hire.
Customers simply upload their HTTP/S traffic logs via a secure platform, and Seculert uses Big Data Analytics to analyze them. Seculert then compares the log analysis results against an ever-growing crowdsourced threat repository of malware behavioral samples and machine learning algorithms.
The result is the level of continuous monitoring that the majority of security experts advocate, in order to detect and stop APT attacks – regardless of whether they emanate from an adversary on the other side of the world or from an internal source.
Make sure your network is protected from APT attacks originating from both outside and inside your network. Sign up for our APT solution today.
The post APT Attacks: Enterprises Need to Protect from Within appeared first on Seculert Blog on Advanced Threats and Cyber Security.