All Hands to Battle Stations! The Enterprise IT Is Under Attack!

No, this is not the start of a sci-fi story; it is the reality that enterprise IT security defenders face in 2014. Attackers are waging an asymmetric battle for our networks, assets and data. Their attacks are increasing in sophistication, velocity and volume.

Meanwhile, IT systems are becoming more complex and enterprise resources extend beyond the traditional perimeter boundaries. Enterprise data is used in social media and cloud services, and it is stored in the cloud and on mobile devices. Suppliers and contractors access enterprise networks and resources by VPN and virtual desktops. We truly have our work cut out for us.

Threats to Enterprise IT

Advanced threats pose a significant hazard if they can gain a foothold. Recent attacks against retail giants like Target and Neiman Marcus demonstrate that even companies with leading security controls certified as PCI compliant are at risk. Remote access, credentials abuse and malware are on the rise, which requires improved diligence by security defenders.

Traditionally, IT professionals have looked for signatures of malware or an attack to block them. Anti-malware, intrusion detection and vulnerability management focus on known malicious behavior. However, the bulk of attacks today are based on zero-day exploits and undiscovered vulnerabilities. In many cases, the attack vector leverages software that is not patched quickly enough, or that cannot be patched for fear of breaking enterprise applications. Examples of such software include PDF, Java and Office.

Trusteer Apex

To prevent an enterprise breach and defend employee endpoints from advanced threats and credentials theft, John Deere has selected IBM Security Trusteer Apex Advanced Malware Protection. The solution was chosen for the following capabilities:

  • Breaking the Threat at Strategic Choke Points: Like a game of chess, there are many possible moves, but there are certain stages in the threat life cycle where the attacker has fewer options. These are strategic choke points, where malicious code seeks to exploit a system and where it attempts to establish a connection to a command-and-control channel. Trusteer Apex applies this knowledge to break the exploit chain and prevent compromise on endpoints.
  • Protecting Corporate Credentials: In the recent Target breach and in other high-profile attacks, attackers have leveraged and abused both remote access connections and privileged credentials. Trusteer Apex prevents keystroke logging from being used to collect credentials and protects against reuse of those credentials on other websites.
  • Preventing Infected Systems From Compromising the Network: When suppliers and contractors connect to the enterprise remotely, their level of security is unknown. They may not be patched and secure, and there is a good likelihood that some of these systems are already compromised. The application of Trusteer Apex for remote access by non-corporate assets adds an important layer of security to address this gap.
  • Easy Scaling to Protect Millions of User Endpoints: A key additional factor in the selection of Trusteer Apex was the ease of deployment and management, especially when dealing with non-corporate assets. Because of the adoption of Trusteer Apex by large financial institutions with millions of customers, we recognized that this solution would require a low level of support.

Defenders need to think like attackers. As corporate strategy moves to adopt consumer technologies to grow and compete globally, and as the threat landscape becomes more aggressive, it is more important than ever to develop a risk-based, layered security strategy to defend against sophisticated adversaries. Trusteer Apex addresses some key gaps in traditional endpoint and network security controls. It is a key piece of an enterprise IT security strategy for advanced threat protection.

John D. Johnson

Ph.D., CISSP, Global Security Strategist, John Deere

Dr. John Johnson serves as Global Security Strategist for John Deere, where he defines information assurance, risk management and governance strategy. John has been responsible for architecting solutions that have been critical to maintaining global network security at John Deere since 1999. His projects have involved every aspect of corporate security, from the management of enterprise security systems, to developing standards and policies, overseeing the security of business acquisitions and divestitures, and working with HIPAA, SOX, PCI and global security and privacy regulations. With 30+ years of IT experience and 17 years of information security risk management, his career includes working as a staff physicist and managing network security for the Theoretical Division at Los Alamos National Laboratory, as well as working as a contractor and small business owner, prior to his work at John Deere.