Baseline Hardening The Best Defense Against Advanced Persistent Threats

Baseline Hardening: The Best Defense Against Advanced Persistent Threats

What business should do to protect against APTs

According to a number of sources, Reaper, a hacking group linked to North Korea, has now become sophisticated enough to be labeled an advanced persistent threat (APT) — a type of cyber threat with the capability and intent to get ongoing, long-term access to a system. With its recent exploitation of a zero-day vulnerability present in Adobe Flash Player, the group demonstrated the ability to infiltrate high-value corporations. Past targets include companies in Japan, the Middle East, and Vietnam, and the group is mainly focused on industry verticals such as manufacturing, aerospace, chemicals, and electronics.

The attack on Adobe represents a high level of sophistication; this is not your everyday smash-and-grab cyberattack. An APT that is able to exploit a zero-day vulnerability is more like an "Ocean’s 11"-style heist: It takes long-term planning and continuous stealth.

Because APTs take more time for hackers to put in place, they tend to target high-value organizations with a lot of data, such as cloud service providers. In the case of the Equifax job, hackers were looking to augment a database they already had. APTs will also go after valuable intellectual property or even military strategies. While there are some loosely affiliated hacker collectives, such as Anonymous, that are capable of APT attacks, most of these groups are state-sponsored; governments are well-suited to provide the ongoing resources required by the hacker for yearslong operations.

The Best Defense

The first thing a business should do to protect itself against APTs is make sure its system meets up-to-date industry security standards — this process is called a baseline hardening initiative. The speed at which applications and servers are deployed and the sheer volume of system builds make it impossible to produce safe, resilient systems unless there are baseline security standards every step of the way. The Center for Internet Security (CIS) has effective benchmarks that should be considered in any environment, as they can sometimes prevent significant damage from APTs.

The first step in baseline hardening is defining the standards you will use (such as the CIS benchmarks) and measuring your current environment against them. Then, commit to an immutable infrastructure (one in which you are not just making small tweaks to the same servers over time) so your standards are automatically rebuilt with every change made. That will help you avoid “configuration drift.”

Immutable infrastructures take time to build, so while this process is underway, you should make sure to segment your network, which will limit an attacker's mobility within your system and limit the damage.

Expect an Attack

Those first lines of defense are critically important, but it is equally important for large corporations to be realistic. Assume you will get hacked, and assume you will be breached. The best thing you can do is develop an action plan for when it happens.

Each person on your team should have a specific job when responding to a breach. Assign people responsibility for handling interactions with the security, legal, and forensic teams, as well as outside law enforcement, including the FBI and federal regulators. Have other parties get in touch with any cybersecurity partners you use to develop a plan moving forward. Have your PR team organize media communications. In broad strokes, the NIST framework is an excellent method to follow when creating a cybersecurity response plan: identify, protect, detect, respond, and recover.

In a crisis, it is important to have a core group of experts running the show. This is where a business needs to lean on its IT staff. There are many tools available to help your developers create a secure environment, so turn your DevOps team into a DevSecOps team. This transformation will maintain consistent security while improving processes and enabling a higher velocity of system changes. A thorough security strategy will also include a security operations center that can monitor for suspicious network activity.

Protecting your company from APTs takes a big commitment. Hackers will exploit any vulnerability you give them, so cutting corners does you no good. You will need to have the tools, people, and processes in place that allow you to take action if — or when — the time comes.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3