Cyber Super Max: A Bird's-Eye View
On May 10th, 1940 the French realized the ineffectiveness of the Maginot Line against Nazi Germany’s invasion. We must accept the reality that perimeter defense is ineffective against the exploit kits, attack platforms and application-based attacks of today. Our traditional architectures and controls for cybersecurity are inadequate. As the recent Verizon Data Breach Report noted, most breaches are not discovered for at least 6 months. This damning reality necessitates a paradigm shift. As a community of white hats we must respect our adversaries and spin the chessboard. The proper strategy for your organization is to build a structure that inhibits the free movement of the adversary once they penetrate your system. We must transform our castles into prisons.
In 1933 the United States Department of Justice opened Alcatraz Prison in San Francisco Bay. The purpose was to incarcerate a certain caliber of prisoner: “for desperate or irredeemable types United States Federal Penitentiary Alcatraz.” It was a response to the hardened organized criminals who were arrested by the FBI. In recent years, there was recognition that the older architectures like Alcatraz were insufficient to house the contemporary criminal and terrorist. Thus in 1994 the Federal Bureau of Prisons opened the Administrative Maximum Facility (ADX) in Florence, Colorado, housing the likes of Ted Kaczynski, Timothy McVeigh, and Robert Hanssen. These SuperMax “control-unit” prisons, or units within prisons, represent the most secure levels of custody. The objective is to provide long-term, segregated housing for inmates classified as the highest security risks in the prison system. The facility was constructed to permanently keep criminal masterminds imprisoned. The prison as a whole contains a multitude of motion detectors and cameras, and more than a thousand remote-controlled steel doors. Pressure pads and 12-foot-tall (3.7 m) razor wire fences surround the perimeter. The early detection of lateral movement is paramount as inmates attempt to tunnel out. The same construct should be applied to your network.
In order to develop a true “Super Max Prison” like ADX, one must retrofit security controls with advanced malware detection, which provides contextual analysis of the activity and lateral movement. Trend Micro’s Targeted Attack Hub serves to support situational awareness of the latest techniques employed by the hacking elites. To stop a virtual jailbreak with your intellectual property and credentials, an organization should conduct a robust penetration test so as to ascertain all of the viable attack paths in and OUT of your network. After remediating these vulnerabilities, aka viable passageways, develop an internal honeynet. This will dramatically increase visibility. Finally, invest in technologies like file integrity monitoring, egress filtering, and breach detection systems like Deep Discovery. Surviving a cyberattack in 2014 will only be possible via a “control unit” mentality.
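Of the controls listed above, file integrity monitoring is the one whose mechanics are easiest to show in a few lines: record a cryptographic hash of every file in a watched tree, then periodically re-hash and report what was added, removed or changed. The following is an added illustration written for this post, not Trend Micro code and not an implementation of Deep Discovery or any other product. It builds a small constructed directory tree in a temporary folder, takes a baseline, simulates three changes an analyst would want surfaced, and returns the diff; the function and file names are assumptions for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root) -> dict:
    """Map every regular file under root (relative POSIX path) to its hash."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def compare_baseline(old: dict, new: dict) -> dict:
    """Diff two baselines; any non-empty list is a finding for the SOC to triage."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in common if old[k] != new[k]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tree, tamper with it, return the FIM report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "config.ini").write_text("debug=false\n")   # constructed sample
        (root / "app" / "service.bin").write_bytes(b"\x7fELF-like placeholder")
        (root / "app" / "readme.txt").write_text("original\n")

        baseline = build_baseline(root)

        # Simulated changes between two monitoring runs (constructed, not real tampering):
        (root / "app" / "config.ini").write_text("debug=true\n")    # modified
        (root / "app" / "readme.txt").unlink()                      # removed
        (root / "app" / "unexpected.bin").write_bytes(b"new")       # added

        return compare_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s}: {paths}")
```

In a real deployment the baseline would be stored somewhere the monitored host cannot rewrite it, and the comparison would run from a separate system or on a schedule; a baseline a compromised host can update is no baseline at all.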
Please add your thoughts in the comments below or follow me on Twitter; @TAKellermann.