EMC just announced its acquisition of NetWitness, a private company that makes software for detecting and analyzing network security threats. The news follows an incident in which EMC's security division, RSA, suffered a data breach.
After hearing the news, I had to wonder whether a company will ever be truly secure. The truth is that it can't. No matter how extensive your firewall and antivirus defenses are, someone, given enough time, will always find a way around them.
Advanced Persistent Threats
This is what happened to RSA. The company's official statement says its systems experienced "an extremely sophisticated cyber attack," and that its investigation identified the attack as an "Advanced Persistent Threat" (APT). So what exactly is an Advanced Persistent Threat?
According to an article from CNET, “APT attacks are often used for espionage, targeting source code and other information within a company or government agency.” Damballa, a network security solutions provider, further defines APTs as:
- Advanced – hackers use multiple attack methodologies and tools as required (malware, bots, keyloggers, etc.).
- Persistent – criminal operators give priority to a specific task. An attack occurs through continuous monitoring and interaction.
- Threat – the attack contains a high level of coordinated human involvement.
I spoke with our resident security expert, Ben Howard, who says that APTs involve techniques that are "above and beyond" what a traditional hacker uses.
What can companies do?
There are a number of basic steps organizations can take to lower their risk of being attacked, such as changing passwords frequently and blocking access to specific websites. Users need to be continually reminded of these protocols.
According to Howard, “security of a network requires persistent and consistent effort to maintain.”
Setting up rules. Employees need to be aware of what sites they can and cannot access while in the office. They should also change their passwords regularly.
Additional steps include firmware upgrades, routine software updates, periodic firewall rule reviews and regular vulnerability scans of the network.