Baseline Hardening The Best Defense Against Advanced Persistent Threats

Baseline Hardening: The Best Defense Against Advanced Persistent Threats

What business should do to protect against APTs

According to a number of sources, Reaper, a hacking group linked to North Korea, has now become sophisticated enough to be labeled an advanced persistent threat (APT) — a type of cyber threat with the capability and intent to get ongoing, long-term access to a system. With its recent exploitation of a zero-day vulnerability present in Adobe Flash Player, the group demonstrated the ability to infiltrate high-value corporations. Past targets include companies in Japan, the Middle East, and Vietnam, and the group is mainly focused on industry verticals such as manufacturing, aerospace, chemicals, and electronics.

The attack on Adobe represents a high level of sophistication; this is not your everyday smash-and-grab cyberattack. An APT that is able to exploit a zero-day vulnerability is more like an "Ocean’s 11"-style heist: It takes long-term planning and continuous stealth.

Because APTs take more time for hackers to put in place, they tend to target high-value organizations with a lot of data, such as cloud service providers. In the case of the Equifax job, hackers were looking to augment a database they already had. APTs will also go after valuable intellectual property or even military strategies. While there are some loosely affiliated hacker collectives, such as Anonymous, that are capable of APT attacks, most of these groups are state-sponsored; governments are well-suited to provide the ongoing resources required by the hacker for yearslong operations.

The Best Defense

The first thing a business should do to protect itself against APTs is make sure its system meets up-to-date industry security standards — this process is called a baseline hardening initiative. The speed at which applications and servers are deployed and the sheer volume of system builds make it impossible to produce safe, resilient systems unless there are baseline security standards every step of the way. The Center for Internet Security (CIS) has effective benchmarks that should be considered in any environment, as they can sometimes prevent significant damage from APTs.

The first step in baseline hardening is defining the standards you will use (such as the CIS benchmarks) and measuring your current environment against them. Then, commit to an immutable infrastructure (one in which you are not just making small tweaks to the same servers over time) so your standards are automatically rebuilt with every change made. That will help you avoid “configuration drift.”

Immutable infrastructures take time to build, so while this process is underway, you should make sure to segment your network, which will limit an attacker's mobility within your system and limit the damage.

Expect an Attack

Those first lines of defense are critically important, but it is equally important for large corporations to be realistic. Assume you will get hacked, and assume you will be breached. The best thing you can do is develop an action plan for when it happens.

Each person on your team should have a specific job when responding to a breach. Assign people responsibility for handling interactions with the security, legal, and forensic teams, as well as outside law enforcement, including the FBI and federal regulators. Have other parties get in touch with any cybersecurity partners you use to develop a plan moving forward. Have your PR team organize media communications. In broad strokes, the NIST framework is an excellent method to follow when creating a cybersecurity response plan: identify, protect, detect, respond, and recover.

In a crisis, it is important to have a core group of experts running the show. This is where a business needs to lean on its IT staff. There are many tools available to help your developers create a secure environment, so turn your DevOps team into a DevSecOps team. This transformation will maintain consistent security while improving processes and enabling a higher velocity of system changes. A thorough security strategy will also include a security operations center that can monitor for suspicious network activity.

Protecting your company from APTs takes a big commitment. Hackers will exploit any vulnerability you give them, so cutting corners does you no good. You will need to have the tools, people, and processes in place that allow you to take action if — or when — the time comes.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • The Progress of Biometrics

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.