
Defending Infrastructure and Data

By Ben Goodman  |  Posted 2010-11-08

Bad hackers are coming to infiltrate your systems, and they won't give up easily. Learn how to recognize and defend against them.

With attackers exploiting every angle they can find to infiltrate systems, protecting data and the IT infrastructure may seem out of reach. So what can organizations do to protect their infrastructure and intellectual property? There are no easy answers and certainly no silver bullet. Adequate security does not come from a single security product – in fact, you can't simply buy yourself IT defense. Success comes from having the right processes in place and from applying the persistent security controls needed to stop as many attacks as possible. It also means having the right controls in place to mitigate the risk and the damage associated with any attack that does succeed.

The fact is that most organizations don't need to reach a state of uber-security, but they do need to be more secure than most other businesses. They must treat every endpoint as if it is already compromised. This level of security will deter most attackers. Here's how to pull it all together:

The first line of defense is to make sure the basics are in place. Make certain that servers, desktops, and applications are patched properly and that end-point firewalls and anti-malware software are up to date and running. Another staple is a vulnerability management program designed to ensure that systems are always configured according to security policy and that software patches are kept current. It also means installing IDS/IPS systems to monitor for, and hopefully block, potential intrusions.

Think of those defenses as the baseline. They essentially are the locks on the doors. They don't keep hardened criminals out, but they do frustrate lazy attackers enough that they move on to some other, less prepared organization. However, because the APT will continually adjust its tactics to find weaknesses, including human weaknesses, employees need to be constantly trained and reminded of the little things they can do to remain secure – such as not opening attachments, and not using the PCs they use for work to access risky web sites or services. Ongoing security awareness training is essential.

While none of that advice is especially novel or out of reach for most organizations, the biggest challenge to success isn't always implementing any particular process, security technology, or awareness program. Rather, it's making sure those controls are consistently in place and functioning properly. Typically, this requires feedback on how the security systems, servers, and endpoints are functioning, and that feedback should flow in as near real time as possible. That is best achieved by having effective system log monitoring and Security Information and Event Monitoring (SIEM) in place. This way, you gain deep insight into what people are doing on the web sites and can identify behavioral changes that could indicate something has gone awry.
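As an added example (not from the article or from Novell), here is the kind of check a SIEM or log-monitoring pipeline can run over endpoint status reports to confirm that the baseline controls listed above (patching, anti-malware, end-point firewall, agent heartbeat) are actually in place and functioning. The endpoint records, the policy thresholds and the host names are all constructed for the example.

```python
from datetime import datetime, timedelta

# Policy thresholds: assumed values for the example, not taken from the article.
MAX_HEARTBEAT_AGE = timedelta(hours=24)   # agent must have reported within a day
MAX_SIGNATURE_AGE = timedelta(days=3)     # anti-malware signatures must be fresh
MAX_PATCH_AGE = timedelta(days=30)        # last patch install must be recent

# Constructed endpoint status records, as an agent might send them to a SIEM.
NOW = datetime(2010, 11, 8, 12, 0, 0)
ENDPOINTS = [
    {"host": "ws-101", "last_seen": "2010-11-08 11:55:00", "av_running": True,
     "av_signatures": "2010-11-07", "last_patch": "2010-10-20", "firewall": True},
    {"host": "ws-102", "last_seen": "2010-11-08 11:50:00", "av_running": False,
     "av_signatures": "2010-10-01", "last_patch": "2010-11-01", "firewall": True},
    {"host": "srv-db1", "last_seen": "2010-11-05 09:00:00", "av_running": True,
     "av_signatures": "2010-11-05", "last_patch": "2010-08-15", "firewall": False},
]


def parse(ts):
    """Accept either a date-time or a date-only timestamp string."""
    fmt = "%Y-%m-%d %H:%M:%S" if " " in ts else "%Y-%m-%d"
    return datetime.strptime(ts, fmt)


def check_endpoint(rec, now=NOW):
    """Return the list of control failures for one endpoint record."""
    findings = []
    if now - parse(rec["last_seen"]) > MAX_HEARTBEAT_AGE:
        findings.append("no agent heartbeat in 24h")
    if not rec["av_running"]:
        findings.append("anti-malware not running")
    if now - parse(rec["av_signatures"]) > MAX_SIGNATURE_AGE:
        findings.append("anti-malware signatures stale")
    if now - parse(rec["last_patch"]) > MAX_PATCH_AGE:
        findings.append("patches overdue")
    if not rec["firewall"]:
        findings.append("endpoint firewall disabled")
    return findings


def audit(endpoints=ENDPOINTS, now=NOW):
    """Map each non-compliant host to its findings; compliant hosts are omitted."""
    report = {}
    for rec in endpoints:
        findings = check_endpoint(rec, now)
        if findings:
            report[rec["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit().items():
        print(host, "->", "; ".join(findings))
```

A host that drops out of the report after having been in it, or that suddenly appears in it, is exactly the kind of behavioral change the article says the feedback loop should surface.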

Of course, not all companies can afford to build that kind of information security program – certainly not immediately. Depending on where an organization is today, it can take years to build a great security team and get all of the necessary technologies and processes in place. That's why it often makes sense for organizations to consider outsourcing the expertise they need – and is one of the reasons why managed security service provider (MSSP) businesses are booming.

The reality is that many MSSPs have very talented security experts on staff and more resources available to keep systems secure. The trick is to pick the right security services provider, and to make sure it has the resources necessary to secure your infrastructure and is willing to commit to adequate SLAs for doing so.

Clearly, there's no way to make any business entirely safe from these threats, but there is much that can be done to significantly reduce the associated risks. It is very similar to the physical world – while law enforcement can't eliminate all crime, it can manage it through crime prevention measures, enforcing laws, and gathering intelligence about crimes underway. Here, instead of policing IT systems with beat cops, it's done by enforcing anti-malware and end-point firewall policies, monitoring logs and SIEMs to gather intelligence about what is going on throughout the IT infrastructure – and then making certain that risks are kept to a minimum.

Ben Goodman is Principal Strategist in Novell's security area.
