If you have not done so already, go play Targeted Attack: The Game. Lately it is the reason I ponder earth-shaking questions such as the connection between the two inanimate objects you see above and targeted attacks. My hope is that after breezing through a few paragraphs, you will come to the following conclusion: those who would perpetrate a targeted attack do not play by a set of predictable rules. To win ‘the game,’ you need to be able to detect things you would otherwise not see.
Now, let’s get started. After interacting with Targeted Attack: The Game, which likely took you more than one attempt to receive a press of the flesh from Mr. Ferguson, what were your conclusions, observations and thoughts? Mine have to do with reinforcing an analogy I have had for some time, which is represented by the objects above.
First off, as illustrated in the game, attackers are not predictable types. If they were, the investments we have all been making in our existing security defenses would be all we need. However, as we all know and have witnessed in the news, this is no longer the case. Reconnaissance, planning, subterfuge and remaining undetected are the modus operandi of the modern attacker. Your would-be adversaries get to know your organization, your networks, your defenses, your employees, your supply chains, and every relevant point of interaction with your organization. Why so thorough, you ask? To identify the best opportunity to evade your defenses, get to your data, extract it, and then monetize it. The size and scope of the data breaches that have made the news as of late unfortunately speak to the economic and geo-political incentives behind this unprecedented behavior, and suggest it will only get worse. Simply put, in far too many cases the rewards far outweigh the risks, let alone the chance of detection.
Here is where the 3D glasses come in. Anyone who has donned a pair of “red and blues” immediately notices a deeper and more holistic perspective. What was flat suddenly has texture; what was one-dimensional becomes interactive. Take the glasses off, and the same view that had depth and interactivity returns to a one-dimensional world. With this in mind, I suggest your best approach to detecting and responding to targeted attacks is akin to a set of 3D glasses. That is, you need the ability to see what would otherwise be unseen, and to interact with insight and information that would otherwise pass you by. The key to doing so is the ability to detect attackers even though they are using any and all means and methods at their disposal to remain undetected. So what is one to do?
Now our trusty motion detector comes into view. Pardon me a moment while I hop on a slight, yet relevant, tangent. Many of us have security systems in our homes. Most of these systems take a multi-faceted approach, monitoring a variety of entry and exit points into your home. However, you may also find motion detectors inside your home. Why is this? Why bother monitoring inside your home if all eyes are on the perimeter?
As we all know, the reason is simple: relying on perimeter sensing alone to identify intruders who are already moving around inside the home does nothing but provide a false sense of security. Go to museums, restaurants, airports, government buildings; it is all the same. Layers of defense are used to detect suspicious and malicious activity. It is an approach we all take for granted.
Given this, why would your approach to detecting and responding to targeted attacks be any different? Is monitoring just the traffic coming into and going out of your network all you need to do? Does it make sense to assume that, because you monitor only your web and email traffic, attackers will comply and attempt breaches using just those protocols? Sigh… if only our world were that simple.
As you have seen, or hopefully will soon see, Targeted Attack: The Game is a realistic enactment of what can happen in a targeted attack. To address the problem, what you need are the right set of 3D glasses and motion detectors such that any and all cracks and crevices within your network are monitored – and that you have the ability to detect that which is designed to not be detected.
To illustrate the point, I will move from the somewhat surreal to the realistic. How many laptops, smartphones, iPads, or other devices walk in and out of your organization’s doors each day? How many are beyond the immediate control of your organization, yet have been connected to public networks in coffee shops, airports, homes and other places? Is it possible that any of these devices have been compromised and are carrying your attackers right in the front door? Further, do you know with certainty that every contractor, employee, supplier, customer or other individual or organization accessing your network is, in fact, a legitimate user and/or is using a device that is controlled and secure? These two questions alone should be a telling reason why monitoring only your perimeter, and doing so over only a few entry points, is the first step toward creating the exact situation you want to avoid.
I hope this helps to illustrate the merit of being able to detect that which, by its nature, is designed to be undetectable. Bottom line: you need 360-degree monitoring of all network traffic through all network ports and over one hundred protocols and applications, using custom sandboxing. Unfortunately, anything left ‘unchecked’ creates a pathway your ruthless and persistent adversary will exploit.
Read our whitepaper to learn more about Trend Micro Deep Discovery and how we can provide you with the ability to detect and respond to targeted attacks.