BreachExchange mailing list archives

Spotting and staying ahead of the next network breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 2 Oct 2015 13:30:27 -0600

http://www.scmagazineuk.com/spotting-and-staying-ahead-of-the-next-network-breach/article/442180/

High-profile network security breaches have escalated dramatically in 2015.
The recent assault on the Office of Personnel Management in which the
personnel data of over 4.2 million US government employees was compromised
is just the latest example of how both the private and public sector are
susceptible to cyber-attacks.

Financial services firms have become increasingly more vulnerable as the
level of sophistication and ability of these attacks to evade detection has
improved. In fact, a recent survey conducted by the Bank of England found
that financial institutions often misdiagnose cyber-attacks as internal IT
failures, leaving them vulnerable to infiltration and the loss of valuable
data as a result.

By not being able to properly identify these attacks when they happen, how
can financial institutions hope to effectively combat them?

The time has come for the financial services industry to re-evaluate its
approach to network security, and to consider employing a 'defence in
depth' strategy to safeguard against both external and internal threats. In
this article, we will look at how this 'outward-in' approach to
cyber-security works to expose cyber threats, and the need for financial
institutions to put greater emphasis on breach detection, data capture and
internal network segmentation in order to effectively implement it.

Breach detection and theft mitigation

From blunt-force distributed denial of service (DDoS) attacks to more
subtle and embedded approaches (i.e., phishing, malware, etc.), the methods
and exploits employed by hackers to infiltrate financial institutions' host
networks have evolved and will continue to evolve. In order to effectively
combat these threats, we first need to evaluate how they are being
identified and managed.

According to Gartner, global spending on cyber-security is expected to
reach over US$101 billion (£60 billion) by 2018. To date, many financial
institutions have prioritised, and continue to invest heavily in, threat
prevention technology to nullify security threats at the perimeter of the
network.

Besides being the more costly option, this approach doesn't account for
cyber threats that have already bypassed externally focused security
measures. Given how often data passes through a network's sub-systems, it
is imperative to have adequate hardware- and software-based internal
security in place to monitor and protect the network. This includes
comprehensive anti-virus protection, access control and authentication
policies.

The concept of 'defence in depth' begins at the edge of the network, and
then works its way through to the internal infrastructure, such as
firewall, router, MDF switches and IDF switches. In order for this in-depth
strategy to be successful, measures need to be taken to address internal
threats to the system.

Data capture and network performance

Financial institutions need to strike a balance between intrusion and
detection to not only eliminate imminent threats to critical data assets,
but also to identify the source of the breach and then take steps to
mitigate the loss of data by creating barriers against further loss. The
best means of doing so is to implement a data packet capture solution to
isolate and expose the threat.

A high-performance data capture platform needs to be implemented to
allocate CPU usage for core security applications as well as to maintain
the performance of the network if/when the system is under attack. In
addition to capturing data from 'north and south' attack vectors,
implementing data packet capture allows IT administrators to better
identify internal threats to the network that have already bypassed the
firewall into the heart of the data center. While packet capture will slow
down these internal threats, IT administrators still need to take measures
to prevent their potential spread across the network.

Internal network segmentation

Once the nature of the breach has been identified and the capture process
has been completed, the last and arguably most crucial step in this process
is to isolate customer traffic and services within multitenant cloud
environments to defend against the spread of malicious code to other key
segments of the network. Once the infected areas have been partitioned off,
new policies, filters and access control lists can be implemented to limit
access to critical data stored on the servers to only properly
authenticated users.

When combined with the physical layers of security that protect the server
(i.e. network adapters, etc.), this effectively quarantines the areas that
have been impacted by the breach, allowing day-to-day operations to
continue normally while malicious data is excised from the server.
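As an added example (not from the article or SC Magazine), the check below evaluates flows reconstructed from an internal packet capture against a segmentation ACL, flagging traffic that reaches the critical-data segment outside the permitted paths or that involves a partitioned-off host. The segment ranges, ports and flow records are constructed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Internal network segments (constructed example ranges).
SEGMENTS = {
    "user_lan": ip_network("10.10.0.0/16"),
    "app_tier": ip_network("10.20.0.0/24"),
    "db_servers": ip_network("10.30.0.0/24"),  # critical customer data
    "quarantine": ip_network("10.99.0.0/24"),  # partitioned-off hosts
}
# ACL: (src segment, dst segment) -> permitted dst ports; unlisted paths are denied.
ACL = {
    ("user_lan", "app_tier"): {443},
    ("app_tier", "db_servers"): {5432},
}

@dataclass
class Flow:
    src: str    # source IP as reconstructed from the capture
    dst: str    # destination IP
    dport: int  # destination TCP port

def segment_of(addr):
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unknown"

def check_flow(flow):
    """Return a reason string if the flow violates policy, else None."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if "quarantine" in (src_seg, dst_seg):
        return "quarantined host must stay isolated"
    if src_seg == dst_seg:
        return None  # intra-segment traffic is not governed by this ACL
    if flow.dport not in ACL.get((src_seg, dst_seg), set()):
        return f"{src_seg}->{dst_seg}:{flow.dport} not permitted by ACL"
    return None

def find_violations(flows):
    return [(f, r) for f in flows if (r := check_flow(f))]

# Constructed flows such as a capture of east-west traffic might yield.
SAMPLE_FLOWS = [
    Flow("10.10.4.7", "10.20.0.5", 443),   # user -> web app: allowed
    Flow("10.20.0.5", "10.30.0.9", 5432),  # app -> database: allowed
    Flow("10.10.4.7", "10.30.0.9", 5432),  # user straight to database
    Flow("10.99.0.3", "10.20.0.5", 443),   # quarantined host reaching out
]
if __name__ == "__main__":
    for flow, reason in find_violations(SAMPLE_FLOWS):
        print(f"ALERT {flow.src}->{flow.dst}:{flow.dport}: {reason}")
```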

Conclusion

Financial services organisations will continue to be one of the leading
targets for cyber-security attacks, and as such need to have the right
processes in place in order to safeguard their mission-critical business
data and the data of their customers. By enacting a defence in depth
approach to cyber-security, they have the unique opportunity to create
cost-effective security protocols that can not only detect current network
breaches, but allow them to stay ahead of attempts to exfiltrate sensitive
data in the future.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
