
Understanding Targeted Attacks: How Do We Defend Ourselves?

  • Posted on:February 26, 2013 at 7:47 am
  • Posted in:Targeted Attacks
  • Author:
    Martin Roesler (Director, Threat Research)

Last time, I talked about how attackers are at an advantage when it comes to targeted attacks, and how it is important that we accept that fact in order to deal with attacks properly. Here comes the hard part: knowing that attackers have a great level of control, what do we do now?

Remember that accepting that attackers have greater control does not mean we have none. We do, and it is important to take note of that, because using the control we do have is critical in dealing with targeted attacks.

Control the Perimeter

Of course, any form of control can only succeed if it is founded on an accurate picture of what we actually own. Acquiring a firm grasp of what and who gets access to the network, and with what level of access, may come at the expense of what most employees see as convenient, but considering the dangers of targeted attacks, it is important to put security first.

Part of identifying the network is also having a deep understanding of it, specifically the operations, processes, events, and behavior we consider normal. Knowledge of what is truly normal and what is not will help identify anomalies better and faster.

Once the network is defined, it is critical to have a means to monitor it, which means having visibility into, and control over, everything that goes in and out of it. A good example of a technology that helps network administrators do this is DNS Response Policy Zone (RPZ). DNS RPZ lets a recursive resolver rewrite or refuse answers for domain names, resolved addresses and name servers listed in a locally controlled policy zone, which gives a scalable way to block, sinkhole and log the lookups that precede most outbound connections. Fed with a maintained domain name blacklist, it creates a network environment that is significantly safer.
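To make the RPZ mechanism concrete, here is an added configuration example for a BIND 9.9 or later recursive resolver; it is not from the original post, and the zone name rpz.corp.example, the file path, the blocked domains, the 198.51.100.0/24 range and the sinkhole address 192.0.2.10 are all placeholders I chose for illustration. The first part belongs in named.conf, the second is the policy zone file it references.

```conf
// named.conf: attach one locally maintained policy zone to the resolver.
// Constructed example; zone name, path and addresses are assumptions.
options {
    recursion yes;
    response-policy { zone "rpz.corp.example"; };
};

zone "rpz.corp.example" {
    type master;
    file "/etc/bind/db.rpz.corp.example";
    allow-query { none; };      // clients must never read the policy zone itself
    allow-transfer { none; };
};

; ---------------------------------------------------------------------
; /etc/bind/db.rpz.corp.example (zone file syntax; owner names are
; relative to the zone origin, which is exactly what RPZ expects)
$TTL 300
@                       IN SOA  localhost. hostmaster.corp.example. (
                                2013022601 3600 900 604800 300 )
                        IN NS   localhost.

; QNAME trigger: answer NXDOMAIN for this name and every name under it
c2.badhoster.example    CNAME   .
*.c2.badhoster.example  CNAME   .

; Same, but answer NODATA (name exists, no records) instead of NXDOMAIN
beacon.tracker.example  CNAME   *.

; Redirect a phishing name to an internal sinkhole that records the client
login-update.example    A       192.0.2.10   ; assumed sinkhole host

; IP trigger: block any answer that would resolve into 198.51.100.0/24
; (format is <prefix length>.<address octets reversed>.rpz-ip)
24.0.100.51.198.rpz-ip  CNAME   .

; NSDNAME trigger: block everything delegated to a known-bad name server
ns1.bulletproof.example.rpz-nsdname  CNAME   .

; Exception: always let this host through. QNAME rules are evaluated
; before IP and name-server rules, so this wins even if those would match.
mail.partner.example    CNAME   rpz-passthru.
```

Two caveats a practitioner will want. First, RPZ only governs clients that actually use this resolver, so pair it with egress filtering that blocks port 53 to anything but the internal resolvers; malware that carries hard-coded IP addresses never performs the lookup at all and needs the firewall layer. Second, blocking with NXDOMAIN tells an intruder quietly that a domain is filtered, whereas sinkholing to an address you control both records which internal host asked and gives you something to act on, which is why the phishing entry above points at a logging host. Log the rewrites themselves through BIND's `rpz` logging category so the hits feed whatever monitoring defines "normal" for the network.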

Deploy Inside-Out Protection

Traditional defenses focus on hardening firewalls and keeping bad components out through blacklisting. While this “outside-in” strategy is effective against fairly straightforward attacks, it is unreliable against targeted attacks: traditional defenses are built for attacks whose form and source are easily recognizable, which is not the case for targeted attacks.

Figure 1. Traditional defense

A good example of a better type of defense is the one used in Minas Tirith in The Lord of The Rings. The city is designed so that the citadel, located at the center, is surrounded by seven walls. Each wall is higher than the one before it, with the outermost wall being the lowest but the strongest. There are also gates in each wall, but the gates are never in front of one another, and are all situated in different portions of the city. This kind of strategy, known in military terms as “defense in depth”, works because it offers protection not only from outside forces but also from those already within the perimeter. In terms of network defense, it is equivalent to deploying multilayered protection and encrypting critical data.

Figure 2. Defense in depth

The high walls also represent another important strategy. As it gets harder for attackers to push further into the fortress, archers on the high walls have a bird’s-eye view of exactly what is taking place. The archers can defend not only against enemies outside the wall but also against those already within it. In terms of security, this increased visibility via network monitoring also affords the defenders a level of control over both incoming and outgoing traffic.

Assume Intrusion and Act Accordingly

Recall that the outer wall of Minas Tirith was known throughout the lands as indestructible, yet its Great Gate was eventually broken by the battering ram Grond and the power of the Witch-king. In the same way, what protection do we turn to should our traditional defenses fail to prevent a targeted attack? The better attitude to take is to assume that an attacker is already inside the network, as this forces us to rethink the way we are currently protecting it.
