APTs Require Greater Awareness of Network Activity

P. Musich

Summary Bullets:

  • Investigate network forensics and anomaly detection to gain better insight into network activity and ferret out APTs.
  • Work more closely with network operations to better understand network behavior and share insights for faster resolution of low-and-slow breaches.

As security groups come to the realization that advanced (or adaptive) persistent threats (APTs) are becoming an unfortunate fact of life, they may turn to additional tools that provide better visibility into what is actually happening on the network. Survey after survey of security practices within organizations concludes that, more often than not, security pros have little visibility into and/or understanding of what is actually taking place on the corporate network. Even those security groups that employ SIEM tools have a limited view into events taking place on the network. Log files and security events provide only a small glimpse into what is taking place, because they lack context. Still, that has not dampened the security industry's enthusiasm for SIEM technology. In the same week in early October, McAfee announced its acquisition of SIEM provider NitroSecurity, while IBM acquired Q1 Labs. Those acquisitions followed HP's acquisition of SIEM market leader ArcSight by about a year.


With Poison in the Well, Is It Time to Head for the Cloud?

B. Ostergaard

Summary Bullets:

  • Poison in the Well: APTs threaten basic Internet trustworthiness
  • Head for the cloud (services), but look for open standards to avoid vendor lock-in

Network-centric cloud services are emerging as the new computing paradigm for performance-hungry, cost-conscious business customers. Recent surveys show that businesses are looking at the full span of private, hybrid and public cloud services in their adoption plans. Yet, most IT security professionals express serious and legitimate concerns about the security of cloud services, as well as how cloud adoption can adhere to corporate governance, risk and compliance (GRC) policies. IT security professionals are also increasingly alarmed by advanced persistent threats (APTs) that are undermining the very structure of the public Internet.
