Defense-in-depth against SSP
IT and security professionals need to be well prepared to counter attacks based on SSP and narrowly targeted cybercrime attacks. First and foremost, that means layered defense-in-depth: no single control, whether an endpoint scanner, a firewall or a patch schedule, should be the only thing standing between a stealthy attacker and your data.
For example, the widespread ZeroAccess botnet and rootkit can often be spotted by the traffic it generates when it joins its peer-to-peer botnet. A rootkit can hide its files and processes from the host it has compromised, but it cannot hide its packets from a firewall that inspects outbound connections; detecting that communication at the firewall leads you back to the infected computer.
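The kind of firewall-side check described above, as an added example that is not code from the original article or from any vendor: it scans firewall flow records for an internal host that fans out to many distinct external peers on one UDP port with small payloads, which is how a bot looking for its peers behaves, and names the internal host responsible. The log format, the internal address ranges, the destination port 26262 and the thresholds are all constructed for the illustration; the port is not a ZeroAccess indicator.

```python
"""Flag peer-to-peer botnet style fan-out in firewall flow logs.

Added example (not from the original article). The log format, address
ranges, port and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import median

# Hypothetical internal ranges; a real deployment lists its own networks.
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed sample log (not real traffic). Fields:
#   epoch_seconds src_ip dst_ip proto dst_port bytes
# 10.0.0.5 sprays small UDP datagrams at ten different Internet hosts on one
# port within 90 seconds; 10.0.0.7 does ordinary DNS and HTTPS.
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.10 UDP 26262 96
1700000003 10.0.0.5 203.0.113.44 UDP 26262 96
1700000007 10.0.0.5 198.51.100.23 UDP 26262 88
1700000012 10.0.0.5 198.51.100.77 UDP 26262 96
1700000020 10.0.0.5 192.0.2.15 UDP 26262 104
1700000031 10.0.0.5 192.0.2.200 UDP 26262 96
1700000045 10.0.0.5 203.0.113.99 UDP 26262 96
1700000058 10.0.0.5 198.51.100.5 UDP 26262 88
1700000070 10.0.0.5 192.0.2.61 UDP 26262 96
1700000085 10.0.0.5 203.0.113.130 UDP 26262 96
1700000002 10.0.0.7 10.0.0.1 UDP 53 64
1700000004 10.0.0.7 203.0.113.10 TCP 443 15320
1700000030 10.0.0.7 198.51.100.23 TCP 443 40212
1700000060 10.0.0.7 192.0.2.15 TCP 443 8820
"""


@dataclass
class Flow:
    ts: int
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text: str) -> list:
    """Parse the constructed whitespace-separated flow format."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append(Flow(int(ts), src, dst, proto, int(dport), int(nbytes)))
    return flows


def find_p2p_fanout(flows, min_peers=8, window=300, max_median_bytes=200):
    """Return (src, proto, dport, distinct_peers, median_bytes) findings.

    A finding is raised once per (src, proto, dport) when, inside any
    `window`-second span, the source talks to at least `min_peers` distinct
    external hosts with a median payload no larger than `max_median_bytes`.
    """
    groups = defaultdict(list)
    for f in flows:
        if is_internal(f.dst):
            continue  # only outbound traffic to the Internet is of interest
        groups[(f.src, f.proto, f.dport)].append(f)

    findings = []
    for (src, proto, dport), fs in groups.items():
        fs.sort(key=lambda f: f.ts)
        for i, start in enumerate(fs):  # sliding window over time
            peers, sizes = set(), []
            for f in fs[i:]:
                if f.ts - start.ts > window:
                    break
                peers.add(f.dst)
                sizes.append(f.nbytes)
            if len(peers) >= min_peers and median(sizes) <= max_median_bytes:
                findings.append((src, proto, dport, len(peers), median(sizes)))
                break
    return findings


if __name__ == "__main__":
    for src, proto, dport, peers, med in find_p2p_fanout(parse_log(SAMPLE_LOG)):
        print(f"{src}: {peers} distinct peers over {proto}/{dport}, "
              f"median {med} bytes -> investigate this host")
```

The thresholds deliberately ignore what the peers are: a bot's peer list changes constantly, so a rule keyed on the host's own behaviour (fan-out to many strangers, tiny packets, one port) survives longer than any list of peer addresses. Tune `min_peers` against your own baseline so that legitimate high-fan-out services (VoIP, BitTorrent where permitted) are either excluded by address or accepted as known exceptions.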
Detection rules should combine static and dynamic analysis to identify a malicious program. For example, suspicious content noticed when a file is first analyzed (such as a body that looks encrypted or packed) can later be linked, by the file's hash, to suspicious activity observed when it runs (such as making an unexpected network connection). Neither observation alone is conclusive, since legitimate installers are packed and legitimate software phones home, but the two together are far stronger evidence than either on its own.
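The static-plus-dynamic correlation above, as an added example that is not code from the original article: a static pass measures the entropy of a file's bytes when it is first seen, a dynamic pass classifies sandbox events observed later, and the two are joined on the file's SHA-256 to reach a verdict. The sample files, sandbox events, entropy threshold and the `EXPECTED_HOSTS` allowlist are constructed for the illustration; a packed-looking file with only benign behaviour is included to show that static evidence alone stays at "suspicious".

```python
"""Join static file findings to later runtime behaviour by file hash.

Added example (not from the original article). The sample files, sandbox
events, threshold and allowlist are constructed for illustration.
"""
import hashlib
import math
from collections import Counter


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 means effectively random (packed/encrypted)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_indicators(data: bytes, entropy_threshold: float = 7.2) -> list:
    """Static pass, run once when the file is first analysed."""
    found = []
    if shannon_entropy(data) >= entropy_threshold:
        found.append("high-entropy body (packed or encrypted content)")
    return found


# Hypothetical allowlist of destinations the business expects software to reach.
EXPECTED_HOSTS = {"updates.example.com", "10.0.0.20"}


def dynamic_indicators(events: list) -> list:
    """Dynamic pass over (action, detail) events observed while the file ran."""
    found = []
    for action, detail in events:
        if action == "network_connect" and detail.split(":")[0] not in EXPECTED_HOSTS:
            found.append(f"unexpected network connection to {detail}")
        if action == "registry_write" and "\\CurrentVersion\\Run" in detail:
            found.append(f"persistence via Run key: {detail}")
    return found


def verdict(static_found: list, dynamic_found: list) -> str:
    """Either kind of evidence alone is only suspicious; together they convict."""
    if static_found and dynamic_found:
        return "malicious"
    if static_found or dynamic_found:
        return "suspicious"
    return "clean"


def pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for packed executable content."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples: a packed-looking binary, a plain text document and a
# packed-looking file that behaves normally (think: a self-extracting installer).
PACKED_FILE = pseudo_random_bytes(b"constructed-sample", 4096)
TEXT_FILE = b"Quarterly report: revenue up, costs flat. " * 100
ARCHIVE_FILE = pseudo_random_bytes(b"constructed-archive", 4096)

# Constructed sandbox events, keyed by hash so they can be linked to the
# static result recorded earlier for the same file.
SANDBOX_EVENTS = {
    sha256(PACKED_FILE): [
        ("file_write", r"C:\Users\Public\svc.exe"),
        ("registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
        ("network_connect", "203.0.113.50:26262"),
    ],
    sha256(TEXT_FILE): [
        ("file_read", r"C:\Users\alice\Documents\report.txt"),
    ],
    sha256(ARCHIVE_FILE): [
        ("network_connect", "updates.example.com:443"),
    ],
}


def analyse(files: dict, events_by_hash: dict) -> dict:
    """Return {sha256: (verdict, static_indicators, dynamic_indicators)}."""
    results = {}
    for data in files.values():
        h = sha256(data)
        s = static_indicators(data)
        d = dynamic_indicators(events_by_hash.get(h, []))
        results[h] = (verdict(s, d), s, d)
    return results


if __name__ == "__main__":
    files = {"svc.exe": PACKED_FILE, "report.txt": TEXT_FILE, "setup.exe": ARCHIVE_FILE}
    for h, (v, s, d) in analyse(files, SANDBOX_EVENTS).items():
        print(h[:12], v, s + d)
```

Keying everything on the content hash is what makes the link robust: the file may be renamed or copied between the static scan and the moment it runs, but its hash does not change, so the earlier "looks packed" observation is still attached when the unexpected connection shows up.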
IT professionals need to consider the risk of seemingly legitimate administration tools in targeted attacks. These tools are not malicious in themselves, so anti-malware signatures will not flag them, yet in an attacker's hands they are powerful: a remote-administration or remote-shell tool that is already present and trusted is exactly what an intruder wants. Effective countermeasures include limiting the sorts of non-business applications that a user can run, a feature usually called application control, which is most effective when it allows only the applications a role actually needs rather than trying to blocklist the bad ones.
Finally, IT professionals need to aggressively counter an attacker's best opportunities to find and exploit vulnerabilities by reducing the network, software and user attack surfaces: close unused services and ports, remove software that nobody needs, and cut back the privileges and plugins users run with. Regular and automated patching has always been good practice, but it has become even more urgent in today's threat landscape, where exploit kits weaponize known vulnerabilities faster than manual patch cycles can close them.