The answer is to identify both current threats and those which are most likely to become the next big blot on the enterprise IT security landscape.
Knowledge is power, as they say, so IT Pro asked those on the frontline in the fight against the bad guys to help us compile a top 10 enterprise security threats from Targattacks to IPv6 and advise you on how best to mitigate the accompanying risks.
Here are entries one to five, with the second half of the list coming later this week:
1. Targattacks
Targattacks, also known as Advanced Persistent Threats (APTs), aren’t really new, but the term is a useful umbrella for a class of operators who bring the full spectrum of intelligence-gathering to bear on a chosen target.
“These people have proper reconnaissance to determine the best attack vectors,” said Jeff Schmidt, BT global head of business continuity, security and governance. “Meanwhile persistence defines the specific nature of the attack. These are specific and continue until the goal is accomplished rather than being opportunistic”.
To mitigate the risk of falling victim to a Targattack, security evangelist with G Data, Eddy Willems, warns that enterprises need to be careful when choosing a security solution.
“Due to the human element evident in these targeted attacks, businesses should select a solution that includes behaviour blocking, application control and heuristics," Willems says. "It is also invaluable to educate users about the risks and how to spot these attacks”.
Jay Huff from ArcSight recommended enterprises take a holistic view of what is going on across the network. “In military circles it's called situational awareness,” Huff said.
“It’s only by seeing the overall pattern of behaviour that suspicious patterns emerge”.
2. Highly Sophisticated Malware
Malware isn’t new, but it remains one of the biggest threats to the enterprise, as the bad guys continue to up the stakes with increasingly sophisticated malware and exploits aimed at getting at your business data.
Ed Rowley from M86 Security Labs told us it has seen a “marked increase in sophisticated malware,” including attacks built from combined embedded files: one file type carrying another inside it. A related trick for slipping past phishing protection is to attach an HTML copy of a cloned website to the email instead of linking to the live clone, so there is no suspicious URL for a filter to follow.
Combined attacks are on the increase: in the first half of 2011 M86 Security Labs saw numerous targeted attacks using Microsoft Excel files with an embedded Flash (.swf) object that exploited a vulnerability in the Flash player.
This method, used in the targeted attack against RSA, is hard for anti-virus and other security products to detect because the Flash object has to be carved out of the spreadsheet and analysed separately from it. Rowley advised that “enterprises without a proper patch management policy and outdated gateway protection will start to find they are fighting a losing battle” when it comes to blocking attacks that use this kind of sophisticated malware.
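As an added illustration of the detection problem Rowley describes (this is example code written for this page, not code from M86 Security Labs or from the original article), the Python below carves plausible SWF headers out of a document: the magic bytes FWS, CWS or ZWS, a version byte and a little-endian declared length. OOXML files such as .xlsx are zip containers, so every member is scanned, including the oleObject*.bin embeddings where a Flash object would sit; anything that is not a zip (a legacy binary .xls, for instance) is scanned as raw bytes. The sample workbook and the SWF stand-in are constructed inline, and the version and length limits are assumptions chosen to reject random three-byte matches.

```python
import io
import struct
import zipfile
import zlib

# SWF file signatures: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGICS = {b"FWS": "uncompressed", b"CWS": "zlib-compressed", b"ZWS": "lzma-compressed"}
MAX_SWF_VERSION = 50                 # assumption: plausible upper bound on the version byte
MAX_SWF_LENGTH = 64 * 1024 * 1024    # assumption: declared length above this is treated as noise


def find_swf_headers(data):
    """Return sorted [(offset, kind, version, declared_length)] for every plausible SWF header in data."""
    hits = []
    for magic, kind in SWF_MAGICS.items():
        start = 0
        while True:
            off = data.find(magic, start)
            if off < 0:
                break
            start = off + 1
            if off + 8 > len(data):          # header is 8 bytes: magic(3) version(1) length(4)
                continue
            version = data[off + 3]
            (declared_len,) = struct.unpack_from("<I", data, off + 4)
            # Reject chance matches: the version must be plausible and the declared
            # length must at least cover the header and not be absurd.
            if 1 <= version <= MAX_SWF_VERSION and 8 <= declared_len <= MAX_SWF_LENGTH:
                hits.append((off, kind, version, declared_len))
    hits.sort()
    return hits


def scan_document(blob):
    """Scan a document for embedded Flash objects.

    OOXML (.xlsx/.docx/.pptx) is a zip: every member is scanned after decompression,
    so an object hidden in xl/embeddings/oleObject1.bin is found. Anything else
    (legacy OLE2 .xls, PDF, plain bytes) is scanned raw.
    Returns [(member_name, offset, kind, version, declared_length)].
    """
    results = []
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for name in zf.namelist():
                for off, kind, ver, length in find_swf_headers(zf.read(name)):
                    results.append((name, off, kind, ver, length))
    else:
        for off, kind, ver, length in find_swf_headers(blob):
            results.append(("<raw>", off, kind, ver, length))
    return results


def build_sample_swf():
    """Constructed stand-in for a Flash object: a CWS header (version 10) over a
    zlib-compressed body of 64 zero bytes. It is not a real Flash movie."""
    body = zlib.compress(b"\x00" * 64)
    uncompressed_len = 8 + 64            # header plus the uncompressed body, as the format declares
    return b"CWS" + bytes([10]) + struct.pack("<I", uncompressed_len) + body


def build_sample_xlsx():
    """Constructed minimal .xlsx-like zip carrying the sample SWF inside an OLE embedding member,
    prefixed by 16 bytes standing in for the OLE wrapper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/embeddings/oleObject1.bin", b"\x01\x00\x00\x00" * 4 + build_sample_swf())
    return buf.getvalue()


if __name__ == "__main__":
    for member, off, kind, ver, length in scan_document(build_sample_xlsx()):
        print(f"{member}: {kind} SWF v{ver} at offset {off}, declares {length} bytes")
```

The scanner only finds the Flash object; a gateway would still have to hand the carved bytes to a Flash-aware analyser, which is exactly the separation step Rowley says most products skip.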
3. SQL Injection
You might have thought that by now SQL code injection techniques as an attack methodology would be dead in the water. After all everyone knows about them and they are old hat, right?
Try telling that to the likes of Heartland Payment Systems or the Sony PlayStation Network, both of which fell victim to SQL injection-led attacks.
The flaw is not in the database itself but in the application code that builds SQL statements from user input. An attacker types SQL syntax into any field the application accepts, the login form being the classic example, and if that input is concatenated into the query it becomes part of the statement rather than a value. The injected SQL then runs with the application’s own database privileges, which can mean bypassing the login, reading or altering customer data, or reaching the administrative part of the enterprise’s website with all that entails.
Don Jackson from the Dell SecureWorks’ Counter Threat Unit Research Team said all enterprises should make use of “input validation for any form to ensure that only the type of input that is expected is accepted.”
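To make the flaw concrete, the following is an added example written for this page, not code from Dell SecureWorks or from any of the breached organisations. It builds a throwaway SQLite user table, shows a login query assembled by string concatenation being bypassed with a `' --` payload, and sets beside it the parameterised query plus the allow-list input validation Jackson recommends. The table contents, column names and username pattern are constructed assumptions.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # assumption: the site's own username policy


def make_db():
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret-admin", "administrator"), ("alice", "alice-pw", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the query is assembled by string concatenation, so
    whatever the user types becomes part of the SQL grammar. A username of
    "admin' --" closes the string, then comments out the password check."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()          # (username, role) or None


def login_parameterised(conn, username, password):
    """Hardened form: placeholders send the input as data, so the driver never lets
    it change the structure of the statement. Quotes and comment markers are inert."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def validate_username(username):
    """Positive (allow-list) validation: accept only the characters the field is
    expected to contain. This complements parameterisation; it does not replace it."""
    return USERNAME_RE.fullmatch(username) is not None


def login_hardened(conn, username, password):
    """Both controls together: reject malformed input up front, then query safely."""
    if not validate_username(username):
        return None
    return login_parameterised(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"
    print("vulnerable :", login_vulnerable(db, payload, "wrong"))      # admin row, no password
    print("parameterised:", login_parameterised(db, payload, "wrong")) # None
    print("hardened   :", login_hardened(db, payload, "wrong"))        # None, rejected by validation
```

The second and third calls return `None` for the same payload because the quote and the `--` are compared as literal characters of a username rather than parsed as SQL; the validation step additionally stops the malformed value before it reaches the database at all.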
“It is important to protect the web server on which the web application is running, the database from which the web application is retrieving information, and the operating systems upon which the web servers, applications and database reside,” Jackson warned.
Meanwhile, Jacques Erasmus, director of technical engineering at Webroot, said stricter analysis and standards are the way forward.
"The recent high-profile hacking attacks where customer information has been compromised have highlighted the vulnerabilities of today’s online and internet infrastructure," Erasmus told IT Pro.
"Assessing how such attacks have occurred and taking the necessary steps, such as stricter coding standards, would be the best start to mitigate these risks. From here, organisations must analyse which areas are most exposed and take a bespoke approach to rectify this.”
4. Distributed Denial of Service (DDoS)
Another old school attack vector is back in the media spotlight courtesy of high-profile politically motivated attacks against large online organisations.
DDoS attacks have never really gone away, but they have undergone something of a resurgence following the whole WikiLeaks affair that seems to have kicked hacktivism back into action.
"The rise in social networking communications and the widespread availability of easy to use hacking tools has attracted a new generation of young hacktivists who see themselves as online warriors at liberty to attack those businesses or organisations they see as political enemies,” said Richard Archdeacon, chief technology officer (CTO) for information security in EMEA at HP.
The trouble is that a DDoS attack uses brute-force volumes of network traffic, or floods of requests to perfectly legitimate application services, to cause chaos. Because no software vulnerability is being exploited there is nothing to patch and no signature to match, which is why this has become known as a non-vulnerability or ‘zero-minute’ attack.
“Standard security solutions depend on static signature protection against known exploits and rate-based protection against high-volume attacks and unknown attacks,” warned Ron Meyran from Radware.
“Traditional perimeter security relies on periodic signature updates, leaving the business vulnerable to zero-minute attacks with no solution against non-vulnerability-based attacks. The solution then is to adopt a behavioural based real-time signatures technology including DoS protection, network behaviour analysis, information protection service and a reputation engine."
5. IPv6
It may seem odd to include Internet Protocol v6 (IPv6) in a list of enterprise security threats, but bear with us.
World IPv6 Day on 8 June has come and gone, with the likes of Google and Facebook switching IPv6 on for their main sites for a 24-hour test. IPv6 widens the address space from 32 to 128 bits, and blind address-sweep scanning should become impractical as a result: a single /64 subnet holds 2^64 addresses, so an attacker cannot simply walk a block looking for live hosts as they can with an IPv4 /24. That does not stop reconnaissance via DNS, neighbour caches or predictable address assignment, but it does remove the cheapest form of random targeting.
But with every enterprise eventually having to implement IPv6, security problems will soon enter the equation, according to Sourcefire’s Leon Ward.
“IPv6 creates a whole host of new opportunities for hackers to take advantage of,” Ward warned.
"Much of the current network security infrastructure for IPv4 is not compatible with IPv6 and can sometimes leave a system completely open. As you purchase new devices and update operating systems you will likely find that IPv6 will be enabled by default.”
And the best way to mitigate these risks? “Identifying controls, security solutions and policies that support IPv6 alongside IPv4 is essential to maintaining your organisation’s security requirements,” Ward explains.
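One concrete way to act on Ward’s advice is to audit a firewall policy for IPv4 rules that have no IPv6 counterpart: on a dual-stack host that listens on both protocols, a port that is denied over IPv4 but has no IPv6 rule is simply open over IPv6. The following is an added example written for this page, not Sourcefire code; the rule syntax (`<action> <proto> <source-cidr> <dst-port>`, one rule per line, `#` comments) and the sample policy are constructed assumptions standing in for a real vendor’s format.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto network port")

# Constructed sample policy (assumption: simplified one-rule-per-line syntax).
SAMPLE_POLICY = """
# web: present on both stacks
allow tcp 0.0.0.0/0        443
allow tcp ::/0             443
# ssh: admin subnet only, but written for IPv4 alone
allow tcp 203.0.113.0/24   22
deny  tcp 0.0.0.0/0        22
# rdp: blocked on both stacks
deny  tcp 0.0.0.0/0        3389
deny  tcp ::/0             3389
# database: IPv4 deny, IPv6 forgotten
deny  tcp 0.0.0.0/0        3306
"""


def parse_policy(text):
    """Parse the simplified policy into Rule tuples; the CIDR tells us the address family."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, cidr, port = line.split()
        rules.append(Rule(action, proto, ipaddress.ip_network(cidr), int(port)))
    return rules


def parity_gaps(rules):
    """Return sorted [(proto, port, action)] for every IPv4 rule with no IPv6 rule of the
    same protocol, port and action. Each entry is a control that exists for IPv4 only."""
    covered = {(r.proto, r.port, r.action, r.network.version) for r in rules}
    gaps = {
        (proto, port, action)
        for proto, port, action, version in covered
        if version == 4 and (proto, port, action, 6) not in covered
    }
    return sorted(gaps)


def report(rules):
    """Human-readable findings, one line per gap."""
    return [
        f"{proto}/{port}: '{action}' rule exists for IPv4 only; add the IPv6 equivalent"
        for proto, port, action in parity_gaps(rules)
    ]


if __name__ == "__main__":
    for line in report(parse_policy(SAMPLE_POLICY)):
        print(line)
```

Run against the sample, the audit flags SSH (both its allow and its deny) and the database port as IPv4-only, while HTTPS and RDP pass because each has a matching IPv6 rule. The same comparison can be extended to source ranges (an IPv4 admin subnet should map to the corresponding IPv6 prefix), but the action/port check alone already catches the case Ward warns about: IPv6 switched on by default with nothing policing it.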