Baseline Hardening The Best Defense Against Advanced Persistent Threats

Baseline Hardening: The Best Defense Against Advanced Persistent Threats

What business should do to protect against APTs

According to a number of sources, Reaper, a hacking group linked to North Korea, has now become sophisticated enough to be labeled an advanced persistent threat (APT) — a type of cyber threat with the capability and intent to get ongoing, long-term access to a system. With its recent exploitation of a zero-day vulnerability present in Adobe Flash Player, the group demonstrated the ability to infiltrate high-value corporations. Past targets include companies in Japan, the Middle East, and Vietnam, and the group is mainly focused on industry verticals such as manufacturing, aerospace, chemicals, and electronics.

The attack on Adobe represents a high level of sophistication; this is not your everyday smash-and-grab cyberattack. An APT that is able to exploit a zero-day vulnerability is more like an "Ocean’s 11"-style heist: It takes long-term planning and continuous stealth.

Because APTs take more time for hackers to put in place, they tend to target high-value organizations with a lot of data, such as cloud service providers. In the case of the Equifax job, hackers were looking to augment a database they already had. APTs will also go after valuable intellectual property or even military strategies. While there are some loosely affiliated hacker collectives, such as Anonymous, that are capable of APT attacks, most of these groups are state-sponsored; governments are well-suited to provide the ongoing resources required by the hacker for yearslong operations.

The Best Defense

The first thing a business should do to protect itself against APTs is make sure its system meets up-to-date industry security standards — this process is called a baseline hardening initiative. The speed at which applications and servers are deployed and the sheer volume of system builds make it impossible to produce safe, resilient systems unless there are baseline security standards every step of the way. The Center for Internet Security (CIS) has effective benchmarks that should be considered in any environment, as they can sometimes prevent significant damage from APTs.

The first step in baseline hardening is defining the standards you will use (such as the CIS benchmarks) and measuring your current environment against them. Then, commit to an immutable infrastructure (one in which you are not just making small tweaks to the same servers over time) so your standards are automatically rebuilt with every change made. That will help you avoid “configuration drift.”

Immutable infrastructures take time to build, so while this process is underway, you should make sure to segment your network, which will limit an attacker's mobility within your system and limit the damage.

Expect an Attack

Those first lines of defense are critically important, but it is equally important for large corporations to be realistic. Assume you will get hacked, and assume you will be breached. The best thing you can do is develop an action plan for when it happens.

Each person on your team should have a specific job when responding to a breach. Assign people responsibility for handling interactions with the security, legal, and forensic teams, as well as outside law enforcement, including the FBI and federal regulators. Have other parties get in touch with any cybersecurity partners you use to develop a plan moving forward. Have your PR team organize media communications. In broad strokes, the NIST framework is an excellent method to follow when creating a cybersecurity response plan: identify, protect, detect, respond, and recover.

In a crisis, it is important to have a core group of experts running the show. This is where a business needs to lean on its IT staff. There are many tools available to help your developers create a secure environment, so turn your DevOps team into a DevSecOps team. This transformation will maintain consistent security while improving processes and enabling a higher velocity of system changes. A thorough security strategy will also include a security operations center that can monitor for suspicious network activity.

Protecting your company from APTs takes a big commitment. Hackers will exploit any vulnerability you give them, so cutting corners does you no good. You will need to have the tools, people, and processes in place that allow you to take action if — or when — the time comes.

Featured

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.