During a recent business trip to Tokyo, I witnessed a not-so-stealthy attack by none other than Godzilla. As you may conclude from the image above, at the time of the photo part of Tokyo was being spared the wrath of the large green monster thanks to a strong perimeter. Or was it? It struck me that the picture I snapped with my iPhone, prior to narrowly escaping to safety, illustrates a major misconception about targeted attacks and advanced threats.
The train of thought proceeds as follows. For thousands of years, defense at the perimeter has been a basic tenet of good security practice, from the medieval moat, rampart and guard tower, to the electric fence, and on to the modern IT security firewall, gateway and IPS. The logic is to prevent any threat from reaching whatever the perimeter is designed to protect. Yet, for just as long, prudent security has also required a defense-in-depth approach, built on the acceptance that, under both predictable and unpredictable conditions, any single defensive measure can be defeated or rendered useless. So how does this relate to Godzilla?
Unlike the threats that perimeter defense was built to stop, targeted attacks and advanced threats can originate from inside the very boundary those defenses are designed to protect. Consider the following:
Connectivity to External Networks: You likely have networked devices belonging to employees, customers, suppliers, contractors and others being carried into the physical locations of your organization. Before any of these devices is walked through your door and connected to your network, its whereabouts and usage are almost certainly beyond your control or influence, which makes it a potential Achilles heel for an adversary to exploit.
Island Hopping: You likely have connections with outside suppliers, customers, employees or others for communication, data sharing, transaction processing and many other functions. It is equally likely that you have neither control over nor the ability to determine whether any of the networks that traffic comes from is being used for a legitimate business purpose or as a conduit for an adversary.
Poison the Well: By leveraging either of the entry points above, an attacker can exploit internal applications, systems and processes behind your perimeter defenses without your firewall, gateway, IPS or other devices ever sounding an alarm, because the malicious traffic either arrives over a connection you already trust or never crosses the monitored perimeter at all.
Conclusion: It is well within the realm of possibility that an adversary could bypass your perimeter IT security defenses simply by having a malicious payload walked through your door, by island hopping in through a trusted connection, or by exploiting internal applications and processes.
Taking a second look at the Godzilla picture, the perspective we all need to consider is that Godzilla is not being stopped by the perimeter at all; he is already inside and behind it.
To learn more about how Trend Micro Deep Discovery Inspector can help you detect and respond to targeted attacks at, behind and within your perimeter, please stop by booth 1607 at RSA Conference 2015 and/or download our whitepaper on how Trend Micro can provide your organization with a 360-degree view into targeted attacks.