Mobile apps might be a newer threat landscape within
information security, but it's not where the war is being waged. Don't get me
wrong, there are some very dodgy things happening in the mobile arena and it's
something we need to be diligent about when it comes to security, but the
biggest threats aren't occurring there; they're happening in your infrastructure.
Many mobile apps (and I'm saying many with Apple in mind) receive timely
software updates, solid data permissions and configurable privacy settings. This
doesn't mean they're impenetrable, as we've seen with the recent Stagefright and
Trident attacks against Android and iPhone respectively. With this being
said, the infrastructure is still the target. It's where the malicious actors
are looking to conquer, and mobile apps are just one way into this battle.
A few years ago everyone was concerned with locking down the
perimeter and making it impenetrable. I honestly think we've done a decent job
of this, and attackers have shied away from walking right through the front
door. I'm sure this still happens today through misconfigurations and weak
firewall rules, but an enormous amount of time and money has been spent to
protect the perimeter from attack. It worked so well that attackers started
looking into other avenues of attack and brought the focus back to the internal
infrastructure, in particular the endpoint. The endpoints within your
infrastructure are comparable to the battlefield today. Included within this
battle are not only mobile devices, but every endpoint that a user is touching.
These are the entry points into the network, and they give attackers the ability to
gain a foothold in your environment.
With the war being focused back on the endpoint, we're seeing
an entirely new market based on analytics appear to protect the endpoints from
attack. This is more than needed, since the old method of using signatures has
become a reactive approach to catching malicious actors moving through your
systems. Having additional visibility into your network from an
east-west perspective improves your chances of detecting an attacker before they've
compromised additional endpoints. The fight being brought down to the endpoint
has spawned new technologies that didn't exist just a few years ago. Just as
the rise in technology produced during World War II to protect people from
harm ushered civilizations into a new age of advancement after the war, the
crisis of malware and attackers infecting endpoints has forced many vendors to
generate technology that helps remediate some of the larger issues at hand
within their infrastructure.
These technologies are a direct response to the onslaught
of attacks occurring within these networks against their infrastructure and
endpoints. Many of these technologies provide agents that allow
segmentation for isolation, are signatureless, give an understanding of
your compliance as a whole, etc. Also included within these detections are systems
that use deception to catch attackers within the infrastructure, use
baselining analytics to catch endpoint behavior that is out of the norm, and even allow
third-party "hunt teams" to search your network for malicious actors and
events.
The endpoints within your infrastructure are where the
battle is being waged, and the technology is catching up once again to
give people the ability to defend themselves. This of course is not a
panacea by any means, but it's an exciting advancement in the call of duty that
security practitioners require to assist them on the front lines. Let's hope that
with the advancement of new technology, attackers will be
pushed back, giving defenders just enough time to prepare for the attackers' next
avenue of attack. The cat and mouse game will continue; it's just a matter of
when and where.