Monday, April 18, 2011

Advanced Persistent Threat: New title, same old book

One of the things that I wish Information Security didn't have to deal with is catchy marketing terms. Remember "Web 2.0"? Fancy JavaScript with a little sprinkle of XML on top... We already had it; it just didn't have a good name that could be sold to the people with the money. What about the current term, "The Cloud"? The cloud has been around for a while. It used to be called SaaS (Software as a Service) or PaaS (Platform as a Service), but those names were too technical and didn't catch on. It's basically hosting your data and/or applications on someone else's servers in someone else's data center. It's been around for a while. It's risky, but so is trying to run your own data center.

Same thing with the new term that is making the rounds in the media: the "Advanced Persistent Threat (APT)". The funny thing is that it has also been around for quite some time. It just didn't have a good marketable term yet. We have come up with good terms for most/all of the single-avenue threats that we have uncovered so far, but what should we call it when someone decides to put a bunch of them together and make a new puzzle from the same pieces? Today, we apparently have decided on APT; tomorrow, your guess is as good as mine. It is one of the hardest attacks to defend against because there is no signature for it. No single thing can defend against it. It typically starts with the weakest link in the InfoSec armor: humans. It doesn't seem to matter how much we train and try to make people aware of what is out there; all it takes is a single moment of weakness and clicking before thinking... Trying to defend an Enterprise, we in InfoSec have to get it right every time. The guys/gals trying to get in only have to get it right once. That honestly sucks from the defender's position.

You probably haven't seen a product or signature that promises to solve your APT problem. That's because one doesn't exist and, in my opinion, would be near impossible to build. To me, APT is very similar to Application Security, where it is more about the People and Process and less about the tools. Not that tools aren't needed, but they cannot fix/block the problem; check-boxing will not work. Whitelisting would be nice, but the users we are trying to protect seem to like access to things to get their job done. More to come later...
