Big Data Could Create Compliance Issues – Dark Reading

Top techniques to guard against ‘Advanced Persistent Threats’

Advanced Persistent Threats, or ‘APTs’, have been receiving quite a bit of press lately. If you’re not familiar with APTs, here is the Wikipedia definition:

Advanced Persistent Threat

From Wikipedia, the free encyclopedia

Advanced persistent threat (APT) usually refers to a group, such as a foreign nation state government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet enabled espionage, but applies equally to other threats such as that of traditional espionage or attack.[1] Other recognized attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.[2]

I will be the first to admit that customers and vendors give lots of lip service to security, but at the end of the day their spending tends to be more focused on compliance and operational efficiency. So what’s the business case around APTs?

Well, the Verizon Data Breach reports from 2010 and 2011 shed some interesting light on the subject. Just so you know, the data in these reports comes from joint assessments between Verizon and the U.S. Secret Service. As with any study, it’s a sampling, meaning that the trends it shows may or may not be “real”, because it’s hard to sample something that is largely kept secret.

An interesting trend in the 2010 report is a shift in targets as it relates to the number of data breaches. Surprisingly, it’s not financial services or the public sector at the top. It’s hospitality in the #1 spot, with retail coming in second. The take on the data is that the focus of APTs has shifted to lower-risk targets which are large in number and relatively high in yield.

Ok, so that’s all well and good. But what can organizations do to protect themselves from APTs?

1.  Keep an eye out for ‘Spear-phishers’. 

Spear-phishers are phishers who send targeted and calculated communications via e-mail and/or social media to high-value targets. These targets are typically called ‘whales’ and are C-level executives. They have the most access to the most sensitive data.

What to do?  Educate your C-level and leverage anti-phishing technology where applicable. 

2.  Watch out for ‘SQL Injection’.

This is one of the key tools in the APT toolbox. It’s concerning for a few reasons. One is that script kiddies can readily access SQL Injection tools. The other is that SQL Injection bypasses traditional security controls such as firewalls, IDS, IPS, etc., because the malicious statement rides inside an ordinary-looking application request.

How to stop it? Use Database Firewall technology that employs SQL grammar analysis and whitelisting. Caution: employer plug (Oracle Database Firewall).
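As an added illustration (not code from this post or from any product it mentions): the concatenated lookup beside its parameterized form, and a small model of the SQL-grammar whitelisting a database firewall performs, run against a constructed in-memory SQLite table. The table, the statement shapes and the whitelist are assumptions for the demo.

```python
import re
import sqlite3

# Constructed in-memory table standing in for an application database.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, name TEXT, ssn TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [(1, "alice", "111-11-1111"), (2, "bob", "222-22-2222")])

def lookup_vulnerable(name):
    """Concatenates the input into the statement, so the input can rewrite the
    query's grammar. Nothing on the network sees anything but a normal request."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(name):
    """Binds the input as data: whatever it contains, the statement shape is fixed."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

# A minimal model of the grammar-analysis whitelisting a database firewall does:
# strip every literal so statements that differ only in data values share one
# "shape", then allow only shapes learned from the application's normal traffic.
def statement_shape(sql):
    shape = re.sub(r"'(?:[^']|'')*'", "?", sql)   # string literals -> ?
    shape = re.sub(r"\b\d+\b", "?", shape)        # numeric literals -> ?
    return re.sub(r"\s+", " ", shape).strip().lower()

# Assumed whitelist: the one statement shape this application legitimately issues.
ALLOWED_SHAPES = {statement_shape("SELECT id, name FROM users WHERE name = 'x'")}

def firewall_allows(sql):
    """True only if the statement's grammar matches a whitelisted shape; an
    injected OR/UNION clause changes the shape even though it is valid SQL."""
    return statement_shape(sql) in ALLOWED_SHAPES
```

The parameterized lookup returns nothing for the injected string, while the concatenated one returns every row; the shape check flags the same statement the network devices would have passed untouched.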

3.  Defense in Depth.

This one kind of goes without saying so I’ll say it anyway.  A great defense in depth strategy goes a long way to mitigating risk across the board.


3 Hot Trends In IdM (Part 3 of 3)

In the last post we covered the second hot IdM trend in our three part series which was Cloud Provisioning.

What rounds out the top 3?

Hot IdM Trend #3 – Identity and Access Governance.

The driving force behind Identity and Access Governance is largely compliance. And as we know, security and compliance are close cousins but not one and the same.

So when we talk about IdAG we are talking about the automation and management of several key processes.

1.  Aggregation of identity, account, role and entitlement data from numerous access silos.

2.  Rationalization of this data for the purpose of role management and role based re-certification activities.

3.  Workflow management and scoping of said re-certification processes.

4.  Closure of assessed events.  This may be related to role management or re-certification.
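A worked version of the four processes above, added here as an illustration rather than as this post's or any vendor's code: the HR feed, the two access silos and the role model are constructed sample data, and the reviewer routing rule (manager reviews, orphans go to a fallback queue) is an assumption.

```python
from collections import defaultdict

# Constructed sample data: an HR feed plus two application "access silos".
HR_FEED = {  # identity -> (manager, business role)
    "alice": ("carol", "finance-analyst"),
    "bob": ("carol", "helpdesk"),
}
SILOS = {  # system -> account -> entitlements held in that system
    "erp": {"alice": {"gl.read", "gl.post"}, "bob": {"gl.read"}, "dave": {"gl.post"}},
    "crm": {"alice": {"contacts.read"}, "bob": {"contacts.read", "contacts.export"}},
}
ROLE_MODEL = {  # role -> the entitlements that role is meant to grant
    "finance-analyst": {"erp:gl.read", "erp:gl.post", "crm:contacts.read"},
    "helpdesk": {"crm:contacts.read"},
}

def aggregate(silos):
    """Step 1: collapse per-system accounts into one entitlement set per identity."""
    view = defaultdict(set)
    for system, accounts in silos.items():
        for account, ents in accounts.items():
            view[account].update(f"{system}:{e}" for e in ents)
    return dict(view)

def rationalize(view, hr_feed, role_model):
    """Step 2: keep only access the role model does not explain, or that sits on an
    account with no identity behind it (an orphan). Role-explained access needs no
    manual review, which is what shrinks the re-certification workload."""
    items = []
    for identity, ents in sorted(view.items()):
        if identity not in hr_feed:
            items += [(identity, e, "orphan") for e in sorted(ents)]
            continue
        _, role = hr_feed[identity]
        unexplained = ents - role_model.get(role, set())
        items += [(identity, e, "outside-role") for e in sorted(unexplained)]
    return items

def scope(items, hr_feed, fallback="security-team"):
    """Step 3: route each item to its reviewer (the manager; orphans to a fallback queue)."""
    campaign = defaultdict(list)
    for identity, ent, reason in items:
        reviewer = hr_feed[identity][0] if identity in hr_feed else fallback
        campaign[reviewer].append((identity, ent, reason))
    return dict(campaign)

def close(items, decisions):
    """Step 4: an item is closed once its reviewer records a decision for
    (identity, entitlement); whatever is still open is what the campaign chases."""
    return [i for i in items if (i[0], i[1]) not in decisions]
```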

Now you may be thinking, why doesn’t a standard provisioning solution fit the bill here? Well, after embarking upon their first provisioning project, most customers realize that getting just a few key systems integrated can represent a significant investment in time and resources. That being said, practically NO ONE ever decides to integrate EVERY system in their environment into their provisioning tool. It’s simply not practical or effective.

With this in mind, it follows that organizations still need to go through their quarterly or yearly fire drills for entitlement re-certification. That’s where IdAG comes in.

It’s part of the maturity model for customers. First it’s all hands on deck. Next comes the realization that this simply can’t be sustained. Finally it ends up in ‘compliance fatigue’. IdAG to the rescue.