Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

High-profile attacks highlight need for defenses against targeted threats

Jaikumar Vijayan, Computerworld | June 14, 2011
The recent spate of successful cyberattacks against high-profile organizations has focused fresh attention on the need for enterprises to implement new defenses against targeted threats.

As a result, companies need to also be continuously keeping an eye on authorized user activity on applications and databases, he said.

Applying whitelists on endpoints is also another very effective way of defending against custom Trojans, Stiennon said. With whitelisting, only a narrow set of previously approved applications are allowed to run on a computer, while everything else is automatically blocked from running. "Whitelisting means that no new software can execute," including malware, Stiennon noted.

Whitelisting products from companies such as Bit9, CoreTrace and Savant Protection are all enterprise-ready, and companies should consider running them alongside their antivirus tools, he said.

In addition, enterprises should also be looking at implementing tools for monitoring beaconing activity on their networks, Stiennon suggested. "Beaconing is the communication between an infected host and its command-and-control server. This should be blocked or at least detected through continuous monitoring of outward bound traffic," he said.

Products that help companies do this are available from vendors such as EMC's NetWitness, FireEye, Damballa, Guidance Software and Trend Micro, he said.

Constantly monitoring the logs of users with particularly sensitive access is also crucial to detecting and mitigating targeted attacks, said Alan Paller, research director at the SANS Institute.

Instead of relying on tools alone, companies should consider using trained personnel with a deep understanding of attacks to comb through the logs. "The tools people buy just don't solve the problem," Paller said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.