Monday, January 30, 2017

Forget Mobile Apps the Battle's on Your Infrastructure

Mobile apps might be a newer threat landscape within information security, but it’s not where the war is being waged. Don’t get me wrong there are some very dodgy things happening in the mobile arena and it’s something we need to be diligent with when it comes to security, but the biggest threats are occurring here, they’re happening in your infrastructure. Many mobile apps, I’m saying many when I refer to Apple, receive timely software updates, solid data permissions and configurable privacy settings. This doesn’t mean they’re impenetrable as we’ve seen with the recent Stagefright and Trident attacks against both Android and iPhone respectively. With this being said, the infrastructure is still the target. It’s where the malicious actors are looking to conquer and mobile apps are just one way into this battle.

A few years ago everyone was concerned with locking down the perimeter and making it impenetrable. I honestly think we’ve done a decent job of this and attackers have shied away from walking right through the front door. I’m sure this still happens today with misconfigurations and weak firewall rules, but an enormous amount of time and money have been spent to protect the perimeter from attack. It boded so well that attackers started looking into other areas of attack and brought the focus back to the internal infrastructure, in particular the endpoint. The endpoints within your infrastructure are comparable to the battlefield today. Included within this battle are not only mobile devices, but every endpoint that a user is touching. These are the entry points into the network and allow attackers the ability to gain a foothold into your environment.

With the war being focused back to the endpoint we’re seeing an entire new market based off analytics appear to protect the endpoints from attack. This is more than needed since the old method of using signatures has become a reactive approach of catching malicious actors moving through your systems. By being able to have additional visibility into your network from an east-west perspective improves your chances of detecting an attacker before they’ve compromised additional endpoints. The fight being brought down to the endpoint has spawned new technologies that didn’t exist just a few years ago. Just like the rise in technology produced during World War II to protect those against harm ushered civilizations into a new age of advancement after the war. The crisis of malware and attackers infecting endpoints has forced many vendors to generate technology that helps remediate some of the larger issues at hand within their infrastructure.

These technologies are in a direct response to the onslaught of attacks occurring within these networks against their infrastructure and endpoints. Many of these technologies are able to produce agents that allow segmentation for isolation, are signatureless, allow for an understanding of your compliance as hole, etc. Included within these detections are also systems that allow for deception to catch attackers within the infrastructure, use baselining analytics to catch endpoint behavior out of the norm and even allow third party “hunt teams” to search your network for malicious actors and events.

The endpoints within your infrastructure are where the battle is being waged and the technology is catching up once again to assist with giving people the ability to defend themselves. This of course is not a panacea by any means, but it’s an exciting advancement to the call of duty that security practioners require to assist them on the frontlines. Let’s hope that with the advancement of new technology the discouragement of attackers will be pushed back giving defenders just enough time to prepare for the attackers next avenue of attack. The cat and mouse game will continue, it’s just a matter of when and where.

No comments:

Post a Comment