Security Teams Need Better Intel, More Offense

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/232900905/security-teams-need-better-intel-more-offense.html

By Robert Lemos
Contributing Writer
Dark Reading
April 24, 2012

The recipe for a cyberattack is straightforward: Attackers gather 
intelligence on the target's systems, research vulnerabilities, exploit 
those weaknesses, gain control of the systems, and conduct 
post-exploitation operations.

Yet, for the first three parts of attackers' operations, most defenders 
do nothing. Only after attackers act on a corporate network -- the 
fourth step -- does a victim's security team becomes aware of the 
attack. In a presentation at the SOURCE Boston security conference last 
week, independent security consultant Iftach Ian Amit told attendees 
that defenders need to do better.

"We are basically just waiting to be attacked," he said.

Increasingly, security experts are recommending that companies become 
more aggressive in gathering information on their attackers. Companies 
need to gather or buy intelligence on adversaries and should consider 
more active counter intelligence operations, Amit said. Rather than 
hunker down behind the firewall, like defenders of a medieval castle, 
security analysts should explore the landscape. To match attackers' 
first steps, defenders should model their organization's threats, gather 
intelligence and correlate the data to pinpoint possible threats, he 
said.

"We can be much more active" in defending our networks, Amit said. 
"Counter intel is fair game ... Everything around is yours; you better 
know everything that goes on out there."

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org