You may have heard that targeted attacks are on the rise—businesses are constantly under attack. The challenge security professionals face is too much noise: it is hard to determine whether each event is worth their attention. Many of the alerts that come in are trivial and won’t severely impact the business, but a few could cause a great deal of damage. It’s critical to have visibility into which ones to respond to first and investigate further.
What are targeted attacks?
Advanced attacks aggressively go after specific objectives—they can target your business, or a technology that you’re using. These attacks are typically staged by threat actors who are after data and monetary gain. You may have heard about targeted attacks that were aimed at the point of sale (POS) systems used by Target and Neiman Marcus. This malware infected hundreds of retailers in 40 countries, stealing data on thousands of payment cards. By contrast, exploit kits like Zeus are used in the majority of attacks, impacting millions of Internet users in businesses and at home—and these opportunistic attacks are what create so much noise for security professionals.
Shift your perspective: from prevention to continuous response
The current mindset in the security world is to prevent attacks on the networks and systems under a business’s control. The reality is that an advanced attack is not obvious and may infiltrate systems outside your control (for example, through supply-chain or technology partnerships), with the objective of launching the attack several steps later. So many different types of attacks are being launched that it’s safe to assume your business is being exposed to threats, and compromised devices might lead to breaches in critical data systems.
Instead of thinking in terms of blocking and prevention, take the perspective that you’re under attack and will likely be breached—the part you can control is the severity, and the swiftness of detection and response. At the 2014 Gartner Security and Risk Management Summit, Eric Ahlm gave a presentation called “With Increased Security Visibility Comes Great Responsibility,” in which he addressed the need within the security industry to shift thinking from “You might get attacked” to “You’re already being attacked. How do you minimize damage from happening again?” The conversation in security is no longer about “if”; it is about detecting attacks and keeping the damage from happening again.
The key is to weigh the level of urgency against the business risk posed. This means that even though there may be a high volume of events, you need to assess their impact by examining them in context.
What you can do about it
Once you have layered a few solutions into your security stack, your incident response team is often flooded with events. As a security practitioner, you cannot protect every end user from every threat. But you can filter out the noise to focus on the attacks that are causing real harm to your business.
OpenDNS approaches targeted attacks by profiling how traffic from your devices and networks stacks up against the rest of the world’s traffic. We look at security from a global perspective, comparing your traffic against known malicious locations, often before an attack is launched. By using our predictive intelligence to proactively identify where bad actors are staging their next attack, we can help your business move away from reactive security.
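To make the triage idea concrete (weighing urgency against business risk by looking at events in context, as described above, using destination reputation as the urgency signal), here is an added example that is not OpenDNS code. The DNS log lines, the reputation feed and the asset criticality table are all constructed placeholders; the scoring formula is an assumption chosen for illustration.

```python
"""Rank constructed DNS events by destination reputation, asset criticality
and spread across hosts. Added example, not OpenDNS code; all data is constructed."""
from dataclasses import dataclass

# Constructed DNS query log: timestamp, source host, queried domain.
SAMPLE_LOG = """\
2014-07-01T10:00:01 ws-marketing-07 cdn.example-ads.test
2014-07-01T10:00:02 pos-register-03 update.example-vendor.test
2014-07-01T10:00:05 pos-register-03 x7k2.example-c2.test
2014-07-01T10:00:09 ws-marketing-07 x7k2.example-c2.test
2014-07-01T10:01:14 db-cardholder-01 x7k2.example-c2.test
2014-07-01T10:02:30 ws-marketing-07 cdn.example-ads.test
"""

# Constructed reputation feed: share of global traffic to the domain flagged as
# malicious (0.0 = nothing known). Stands in for the "global perspective".
REPUTATION = {"x7k2.example-c2.test": 0.95, "cdn.example-ads.test": 0.20}

# Constructed asset criticality, 1 (low) to 5 (cardholder-data systems).
# Unknown hosts default to 2 so they are not silently ignored.
CRITICALITY = {"db-cardholder-01": 5, "pos-register-03": 4, "ws-marketing-07": 1}


@dataclass
class Event:
    ts: str
    host: str
    domain: str


def parse_log(text):
    """Parse the three-column constructed log format into Event records."""
    return [Event(*line.split()) for line in text.splitlines() if line.strip()]


def score(event, events):
    """Urgency (reputation) x business risk (criticality), boosted by context:
    the number of distinct internal hosts that reached the same domain."""
    rep = REPUTATION.get(event.domain, 0.0)
    crit = CRITICALITY.get(event.host, 2)
    spread = len({e.host for e in events if e.domain == event.domain})
    return round(rep * crit * (1 + 0.5 * (spread - 1)), 2)


def triage(text):
    """Return (host, domain, score) tuples, highest priority first."""
    events = parse_log(text)
    ranked = sorted(events, key=lambda e: score(e, events), reverse=True)
    return [(e.host, e.domain, score(e, events)) for e in ranked]
```

With the constructed data the cardholder database contacting the flagged domain ranks first, while the vendor update check scores zero and drops to the bottom of the queue.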