Information Security News mailing list archives
Security Teams Need Better Intel, More Offense
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 25 Apr 2012 00:53:51 -0500 (CDT)
http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/232900905/security-teams-need-better-intel-more-offense.html By Robert Lemos Contributing Writer Dark Reading April 24, 2012The recipe for a cyberattack is straightforward: Attackers gather intelligence on the target's systems, research vulnerabilities, exploit those weaknesses, gain control of the systems, and conduct post-exploitation operations.
Yet, for the first three parts of attackers' operations, most defenders do nothing. Only after attackers act on a corporate network -- the fourth step -- does a victim's security team becomes aware of the attack. In a presentation at the SOURCE Boston security conference last week, independent security consultant Iftach Ian Amit told attendees that defenders need to do better.
"We are basically just waiting to be attacked," he said.Increasingly, security experts are recommending that companies become more aggressive in gathering information on their attackers. Companies need to gather or buy intelligence on adversaries and should consider more active counter intelligence operations, Amit said. Rather than hunker down behind the firewall, like defenders of a medieval castle, security analysts should explore the landscape. To match attackers' first steps, defenders should model their organization's threats, gather intelligence and correlate the data to pinpoint possible threats, he said.
"We can be much more active" in defending our networks, Amit said. "Counter intel is fair game ... Everything around is yours; you better know everything that goes on out there."
[...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.org
Current thread:
- Security Teams Need Better Intel, More Offense InfoSec News (Apr 24)