All Hands to Battle Stations! The Enterprise is Under Attack!

No, this is not the start of a sci-fi story; it is the reality that enterprise IT security defenders face in 2014. Attackers are waging an asymmetric battle for our networks, assets and data, and their attacks are increasing in sophistication, velocity and volume. Meanwhile, IT systems are becoming more complex, enterprise resources extend beyond the traditional perimeter, and enterprise data is used in social media and cloud services and stored in the cloud and on mobile devices. Suppliers and contractors remotely access enterprise networks and resources by VPN and virtual desktops. We truly have our work cut out for us.

Advanced threats pose a significant risk once they gain a foothold in the enterprise. Recent attacks against retail giants like Target and Neiman Marcus demonstrate that even companies with leading security controls, which are certified as PCI compliant, are at risk. Remote access, credential abuse and malware are all on the increase, and that calls for greater diligence from security defenders. The traditional approach has been to look for signatures of malware or of an attack so that it can be blocked: anti-malware, intrusion detection and vulnerability management focus on ‘known malicious behavior’. The bulk of attacks today, however, are based on 0-day exploits and undiscovered vulnerabilities. In many cases, the attack vector leverages software that is not quickly patched, or that cannot be patched for fear of breaking enterprise applications. Examples are PDF files, Java and Office file formats.

Like a game of chess, there are many moves possible, but there are certain stages in the threat lifecycle where the attacker has fewer options. These are strategic chokepoints: the point where malicious code seeks to exploit a system, and the point where it attempts to establish a connection to a command and control channel. Trusteer Apex applies this knowledge to break the exploit chain and prevent compromise on endpoints.

Defending like an attacker

In the recent Target breach and in other high-profile attacks, both remote access connections and privileged credentials have been leveraged and abused. Trusteer Apex protects corporate credentials against reuse on other websites and against keystroke logging by malware. When suppliers and contractors connect to the enterprise remotely, their computers are in an unknown state: they may not be patched and secure, and there is a good likelihood that some of these systems are already compromised. Applying Trusteer Apex to remote access from non-corporate assets adds an important layer of security to address this gap. A key additional factor in the selection of Trusteer Apex was its ease of deployment and management, especially when dealing with non-corporate assets. Because Trusteer Apex has been adopted by large financial institutions with up to millions of customers, we recognized that this solution would require a low level of support.

Defenders need to think like attackers. As corporate strategy moves to adopt consumer technologies to grow and compete globally, and as the threat landscape becomes more aggressive, it is more important than ever to develop a risk-based, layered security strategy to defend against sophisticated adversaries. Trusteer Apex addresses key gaps left by traditional endpoint and network security controls. It is a key piece of an enterprise IT security strategy for advanced threat protection.
