Timing is Everything

Posted by John Worrall   |   December 14, 2011

Time is of the essence when it comes to cyber crime, and according to the latest numbers, determined cyber criminals are willing to take plenty of it – patiently waiting, watching, finding, and ultimately, compromising your assets. In fact, Verizon’s 2011 Data Breach Investigations Report indicates that more than 60 percent of 2011 breaches happened over a span of “months or longer before discovery.” That’s a long while for an intruder to spend casing the joint. By the time he’s ready to move on, no doubt he’s had enough time to uncover your organization’s most critical assets.

Verizon points to the most common types of breaches investigated by the National Hi-Tech Crime Unit (part of Great Britain’s Serious Organized Crime Agency) as falling primarily within the Servers category. This is exactly why visibility into your network is so critical and why virtual machine introspection is such an important innovation in global cyber security. Although a breach may happen in an instant, the resulting attack is very often prolonged. There’s much intelligence to be gained by watching your intruders once they’re inside your network walls. By seeing what comes and goes through the host, you can determine the target of the attack, the identity of the attacker and the appropriate response.

As noted in the report, a lack of data can be your worst enemy, and a community of decision-makers and practitioners, together with responsible sharing, can go a long way toward containing a breach. But what about zero-day attacks? Communal knowledge doesn’t address the exploits of the criminally focused and determined, since the community can’t tell you how targeted customizations to known malware might interact with your organization’s specific IT environment.

Thanks to advances in virtualization technology and security intelligence, even unknown custom malware can be deconstructed, while its movement is contained and IDS/IPS signatures are created on the fly. Just as timing is everything to a zero-day attacker, live visibility and technical improvisation are critical to turning the tables.

Topics: Cyber Crime, Research, Breaches, Zero-day Attack, Security Intelligence, Virtualization
