Epsilon and RSA Breaches Prove Perimeter Security is Necessary, but Insufficient – Data Breaches part 2

In my previous two posts on recent data breaches, I looked at the initial response to the Epsilon breach and what security considerations you should include before sending your data to a tertiary-party service provider. At present, I’m going to go dorsum to something I covered in the showtime post – spearphishing. Several recent manufactures revealed that the Epsilon breach and the contempo breach at RSA were a result of spearphishing. These incidents are prime examples of the errors of today’south perimeter-focused approach to security. Kickoff off, if you lot read accounts of the Epsilon attack , they are filed in the onetime phishing bucket – the attackers patently used a combination of keyloggers and a known virus, Win32.BlkIC.IMG to go within the system. Still, RSA’s explanation, in their “Anatomy of an Attack” blog post notes it was the victim of an ADVANCED PERSISTENT THREAT. Yep, the dreaded “ APT .” Withal, if you read further analysis of the attack , it reads very like to the Epsilon attack: an e-mail was sent to two small groups in the visitor, and someone opened one. The merely seeming variable is that the RSA attempt used a zero-day in Adobe Flash role player to compromise someone. Zero Days are a routine part of today’s security world. Check out seemingly every Patch Tuesday , or all the automatic security software updates you get if yous need to confirm that argument. Phishing and Null Days are an everyday thing. The problem is, very few are looking at the ways that most of today’s security solutions deal with these everyday occurrences. What these attacks evidence is that traditional perimeter based security technologies are necessary, just insufficient to deal with everyday types of attacks similar these. They only fail too often to be relied on. I’m not saying APTs exercise not be. They do and they are nasty, but the former style threats combined with old and new commitment platforms like social web plus APTs significantly expand the attack surface, which is inefficient and frankly ineffective to secure with the old model. Every bit my colleague, Jason Clark, our CSO, pointed out in his Tomb Raider analogy – a lot of times the bad guys will arrive – but you lot can terminate them from getting out. Here’s the deal. You need systems in identify that both forestall the bad guy getting in AND the content awareness to recognize when they are in and stop them from getting out with the goods. Let’s face it. Bad guys create millions of new signatures a year. Therefore, yous need the most upwards to date, real-time intelligence to forbid the bad-guys from coming in. Not the antiquated signature models of yesteryears perimeter security. For instance, cloud-based intelligence can decipher and categorize content on the fly. But this real-time analysis is just one part. What happens if the bad guys do get in? To stop them from getting out, first, yous demand to exist enlightened of your valuables, your treasure, and go on an eye on it. Then, y’all need to know if that information is existence moved. And you better be able to tell that if it is beingness moved, whether or non it is going to the correct sources. Those are the primary principles behind content security , and a meaning differentiator for what we at Websense have resolved for more than than iii years, leading to the introduction of our TRITON security architecture . The simple fact is incidents like the RSA and Epsilon attacks will keep as long as security departments rely on the defensive tactics of the 2000s. The big question is: is your company next, and, if and so, are you lot prepare to defend against these everyday threats? How are these threats changing the ways you are looking to protect your organization? Allow me know in the comments below… *Spear phishing graphic from Ars Techinca….(read more)