Unified security policy key to protection, says Websense

In its most recent threat report, the computer security firm Websense outlined the new way in which criminals carry out their activities and how to prevent them.

Websense researchers identified a model that describes which actions criminals take to cause chaos and damage. They referred to this model as the “kill chain.”

“Successful data theft attacks have a set of key requirements to achieve their goals – they’ve got to find a way in, implant themselves, find their targets and find a way out,” explained Charles Renert, VP, security research, Websense. “It is from these requirements that attackers form patterns around particular techniques that are successful at each stage, and Websense’s kill chain methodology (and technology approach) maps to those requirements and patterns.

“This segmentation provides a structure not only for understanding how the attack apparatus works, but also for organizing defenses at each stage — and across all stages.”

Seven stages comprise Websense’s kill chain: reconnaissance, luring the victim, redirecting the target to an unsafe site, using an exploit kit, installing a dropper file to advance an attack, contacting a command-and-control server to download additional tools or instructions and stealing the data. In its report, Websense researchers offered advice on how to defend against every stage of the kill chain.

Most businesses already have security policies and procedures in place. They might not be enough to stop hackers, though. “Many companies have aligned their security approach to their infrastructure – they’ve got their e-mail team, a web team, a mobile team, a compliance team, a network team and so forth,” Renert commented. What they need is a unified policy that will protect every department. “Most effective attacks today cut across all of those groups, often finding gaps in one or more areas and exploiting them. To understand and address the current threat landscape, companies need to adopt a similar perspective and rebuild their security practices holistically across all of these disparate groups,” the Websense executive remarked.

Sometimes, the barriers to implementing a unified set of security policies and procedures can be financial. “In the last two years, there have been many documented cases of singular threat events estimated to have cost businesses not millions but billions of dollars,” Renert stated. “Many of these same organizations at risk have spent less a small fraction of their IT budget on security.” The C-suite can no longer afford to ignore digital security. Renert has seen a change in spending patterns in this area. “With the sharp increase in the success of data theft attacks, the cost/benefit analysis for reducing the likelihood of a major breach is causing a shift in that thinking toward greater investment in security,” he said.

In 2013, a number of major corporations realized that their security was inadequate in the face of threats. Although there are a wide variety of attack types, Renert explained that there are generally only two vectors of infection: the Internet and email. “Phishing (or spear phishing for a specific target) remains a hugely successful attack vector,” he commented. “A specifically crafted and customized email lure is sent to the target. This lure often contains no malware itself, but will include an embedded link. Once the target clicks on the link, they are often brought to an infected or compromised website that installs the attackers’ malware.” Renert believes this is one of the most pressing issues in IT today, yet it is one that professionals in the field feel the least confident in addressing.

“Recently, attackers responsible for past targeted spear phishing attacks have added a new wrinkle to the old phishing attack,” he added. “This one involves lying in wait for targets to come to them, rather than supplying an active lure. Websense Security Labs has identified a number of these attacks where an attacker either creates a site mimicking a real site, or compromises the real site that is known to draw the types of targets the attackers are waiting for.”
