Deception technology may help your organization identify and mitigate external and internal computer security threats faster, finding compromised computers fast enough to prevent breaches of critical information. With new approaches, commercial deception products emulate existing workstation and server operating system images, log files, activity, and accounts, providing a set of realistic targets for a malicious individual to look at. When the malicious individual attempts any interaction with a deception host, your Security Operations Center (SOC) gets a very high confidence, zero false positive alert: a bad actor is in the network and requires immediate action. This kind of alert is hugely valuable to SOC staff members sifting through sometimes terabytes of log data daily.
In a recent survey of 583 U.S companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations’ computers had been breached at least once by hackers over the past 12 months. Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.
We all face compromises and for cyber resilience, reacting to these compromises is crucial to avoid operational impacts and expensive breach responses.
How can deception technology help us? For the non-technical: attackers will typically compromise a workstation and then start looking around, conducting the reconnaissance phase of the cyber kill chain with tools like ping, nmap, and others. In effect, they are turning on a flashlight in a dark room. With deception technology in your network, this flashlight beam of packets immediately sets off alarms: a compromised computer inside the enterprise network. Nobody should be shining a flashlight (a beam of packets) into a room in your home that does not actually exist. Deception tools are configured to ignore known sources of these packets, like network management hosts and troubleshooting workstations. A scan or login attempt against a host that does not exist can immediately identify both external compromises and internal malicious activity. It could be a malicious insider looking for sensitive information in other departments, something you need to know about but may be blind to without instrumentation. Deception technology is something most large organizations should consider to improve visibility and speed up incident response. High confidence emergency alerts significantly improve SOC effectiveness, preventing a highly likely workstation compromise from escalating to a breach of sensitive information on critical servers.
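As an added illustration (not code from the original post or from any LP3 or vendor product), here is the alerting rule described above written out in Python: every connection to a decoy address from a source that is not an allowlisted management host becomes an alert, and a source that touches several decoys is flagged as a sweep rather than a single mistyped address. The decoy addresses, the allowlist, the log lines and the firewall-style log format are all constructed for this example.

```python
"""Deception alerting: flag any traffic to decoy hosts, ignoring known scanners."""
import re
from collections import defaultdict

# Constructed decoy addresses: these hosts do not exist in the real inventory,
# so nobody has a legitimate reason to talk to them.
DECOY_HOSTS = {"10.0.5.20", "10.0.5.21", "10.0.7.200"}

# Constructed allowlist: network management and troubleshooting hosts whose
# scans against the decoys are expected and must not raise alerts.
ALLOWLISTED_SCANNERS = {"10.0.1.5", "10.0.1.6"}

# Constructed connection-log lines in a made-up firewall-style key=value format.
SAMPLE_LOG = """\
2024-03-01T09:12:01Z src=10.0.1.5 dst=10.0.5.20 dport=22 proto=tcp action=allow
2024-03-01T09:12:02Z src=10.0.3.44 dst=10.0.4.10 dport=443 proto=tcp action=allow
2024-03-01T09:12:03Z src=10.0.3.44 dst=10.0.5.20 dport=445 proto=tcp action=allow
2024-03-01T09:12:03Z src=10.0.3.44 dst=10.0.5.21 dport=445 proto=tcp action=allow
2024-03-01T09:12:04Z src=10.0.3.44 dst=10.0.7.200 dport=3389 proto=tcp action=allow
2024-03-01T09:12:05Z src=10.0.9.12 dst=10.0.5.21 dport=22 proto=tcp action=allow
2024-03-01T09:12:06Z src=10.0.1.6 dst=10.0.7.200 dport=80 proto=tcp action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def decoy_alerts(log_text, decoys=DECOY_HOSTS, allowlist=ALLOWLISTED_SCANNERS):
    """Return {src: [(ts, dst, dport), ...]} for every source that contacted a decoy
    and is not an allowlisted scanner. Each entry is a high-confidence alert."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in decoys:
            continue  # normal traffic to real hosts is not our concern here
        if rec["src"] in allowlist:
            continue  # expected scanner, suppress
        hits[rec["src"]].append((rec["ts"], rec["dst"], rec["dport"]))
    return dict(hits)


def severity(hits_for_src):
    """One source touching several distinct decoys looks like reconnaissance (a sweep);
    a single decoy contact could still be a typo, so it is labelled separately."""
    distinct = {dst for _, dst, _ in hits_for_src}
    return "sweep" if len(distinct) > 1 else "single-touch"


if __name__ == "__main__":
    for src, hits in decoy_alerts(SAMPLE_LOG).items():
        print(f"ALERT {src}: {len(hits)} decoy contact(s), {severity(hits)}")
        for ts, dst, dport in hits:
            print(f"   {ts} -> {dst}:{dport}")
```

Run as-is, the script reports 10.0.3.44 as a sweep across three decoys and 10.0.9.12 as a single touch, while the two allowlisted management hosts produce nothing. The allowlist is what keeps the "zero false positive" property honest: it has to contain every host that legitimately scans the network, and nothing else.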
If you would like more information, contact LP3. We will be glad to help you make an informed decision on deception technologies in your environment.
Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.
If you are concerned about how to make your website more secure, but you’re not a web developer, this overview will give you the basics of virtual hardening.
The idea behind hardening a website is pretty simple: adding multiple layers of protection to reduce the potential of an attack. Traditionally, this involves a web developer manually handwriting code. But with virtual hardening you can use security plugins to strengthen your website using a Web Application Firewall (WAF).
Hardening is part of an overall strategy to prevent your website and data from being compromised. The two ways of hardening a site are:
- depth of defense – adding multiple layers of defense to prevent vulnerability exploitation
- breadth of defense – accounting for all potential attack vectors and security domains
Effectively protecting a website requires protection of four key components:
- web server
- operating system
Content Management System (CMS)
Every website is unique and virtually hardening yours depends on its specific platform. One common difference between websites is the Content Management System (CMS). There are many CMS platforms: WordPress, Drupal, Joomla, Sharepoint, etc. If your website is based on WordPress, there are several simple virtual hardening tips, like:
- restricting admin access to a few IP addresses
- disabling code from being injected into uploaded pictures
- enabling an “I am not a robot” checkbox to authenticate forms
Most virtual hardening tips for WordPress are reasonably easy to apply. But in some cases, a website may have dynamic IP addresses or a site owner may not have the technical ability to configure plugins. In such cases it’s best to reach out to experts to assess the level of security risk at your business, organization or enterprise – LP3 offers a free Security Risk Assessment.
Adding security to your server is a big challenge and depends on which server you are running. Common server environments are:
- Windows IIS
Some common tips for server hardening are:
- keep your CMS and all plugins updated
- remove unnecessary/unused plugins
- install security patches for your CMS and plugins
- monitor your website's log activity
- have long, unique, complex passwords
- install a security plugin (WAF)
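To show what several of the WordPress tips and server hardening tips above look like once they are turned into checks, here is an added Python example (not code from the original post, from WordPress, or from any plugin) that audits access log lines for three things: admin or login requests from addresses outside a hypothetical admin allowlist, successful requests that execute a .php file from the uploads directory (what the "no code in uploaded pictures" tip is meant to prevent), and bursts of login POSTs from one address. All addresses, paths, user agents and the burst threshold are constructed for the example.

```python
"""Audit web server access logs for the events the WordPress hardening tips target."""
import re
from collections import Counter

# Constructed allowlist: the few addresses permitted to reach the admin area.
ADMIN_ALLOWLIST = {"203.0.113.10", "203.0.113.11"}

# Constructed threshold: this many POSTs to the login page from one address
# is treated as a password-guessing burst.
LOGIN_BURST_THRESHOLD = 5

# Constructed Apache/nginx combined-format access log lines.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [01/Mar/2024:10:00:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3400 "-" "python-requests/2.31"
198.51.100.7 - - [01/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3400 "-" "python-requests/2.31"
198.51.100.7 - - [01/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3400 "-" "python-requests/2.31"
198.51.100.7 - - [01/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3400 "-" "python-requests/2.31"
198.51.100.7 - - [01/Mar/2024:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3400 "-" "python-requests/2.31"
198.51.100.7 - - [01/Mar/2024:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3400 "-" "python-requests/2.31"
192.0.2.33 - - [01/Mar/2024:10:01:00 +0000] "GET /wp-content/uploads/2024/03/photo.jpg HTTP/1.1" 200 88000 "-" "Mozilla/5.0"
192.0.2.33 - - [01/Mar/2024:10:01:02 +0000] "GET /wp-content/uploads/2024/03/photo.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_access_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def audit(log_text, allowlist=ADMIN_ALLOWLIST, threshold=LOGIN_BURST_THRESHOLD):
    """Return three finding lists:
      admin_from_unlisted_ip: (ip, method, path) for /wp-admin or /wp-login.php
                              requests from addresses outside the allowlist
      php_in_uploads:         (ip, path) for successful requests executing a .php
                              file under the uploads directory
      login_bursts:           {ip: count} for addresses at or above the POST threshold
    """
    findings = {"admin_from_unlisted_ip": [], "php_in_uploads": [], "login_bursts": {}}
    login_posts = Counter()
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore the query string
        is_admin = path.startswith("/wp-admin") or path == "/wp-login.php"
        if is_admin and rec["ip"] not in allowlist:
            findings["admin_from_unlisted_ip"].append((rec["ip"], rec["method"], path))
        if (path.startswith("/wp-content/uploads/")
                and path.lower().endswith(".php") and rec["status"] == 200):
            findings["php_in_uploads"].append((rec["ip"], path))
        if path == "/wp-login.php" and rec["method"] == "POST":
            login_posts[rec["ip"]] += 1
    findings["login_bursts"] = {ip: n for ip, n in login_posts.items() if n >= threshold}
    return findings


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_ACCESS_LOG).items():
        print(f"{kind}: {items}")
```

Each finding maps back to a tip: the first list is empty once admin access really is restricted to the allowlisted addresses, the second is empty once PHP execution is blocked in the uploads directory, and the third is what a WAF's login rate limit is there to stop. The script reads a whole file at once; for a live site the same checks would run over a tail of the log on a schedule.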
Web Application Firewall
Not everyone is a tech whiz with the skills and time to maintain a secure website. That's where a Web Application Firewall comes in. Sucuri and Wordfence are two popular WordPress WAFs.
Once you select, activate and configure a WAF for your website, you won’t need to worry so much about securing your website — you can focus on your business.
For small- and mid-sized businesses (SMBs) of every kind, cloud technology has made an enormous impact. But before you upload all your assets to the cloud, it’s a good idea to step back and take a look at some of the common pitfalls which could drastically impact your operations.
First and most important, implementing cloud technology into your business operations does not eliminate the need for on-site information technology (IT): physical equipment housed in a reliable physical environment with solid uptime. The main reason is that the cloud changes expectations and demands. With the cloud, your employees will come to expect new features and capabilities. This strains bandwidth, reliability and scalability. Simply connecting all the computers in your company to the web isn't going to cut it. A modern infrastructure requires upgrades like highly reliable IT hardware and effective thermal management that scales up in tandem with new cloud-based demands.
It seems a bit confusing that when everything is stored on the web your company requires an upgrade to its infrastructure, but it comes down to reliability. The cloud can quickly overwhelm outdated racks, cooling and backup systems and bring your company to a standstill. The most vital upgrade is an uninterruptible power supply (UPS) and a cooling system to make sure the heat generated can exit the IT environment. Reducing heat is the first line of defense for any on-site IT operation.
The next consideration is hardware flexibility. A modern network infrastructure needs to be easily upgradable as the cloud becomes more robust. A network infrastructure that's currently 10 years old will not be compliant with a cloud-centric system in 10 years. An outdated network that does not allow employees to maximize the potential of cloud services limits an SMB and its ability to compete effectively in the marketplace.
A common misperception about the cloud is you don’t need local servers or hard drives. The truth is SMBs still need local storage. One reason is data sovereignty laws which require companies to store sensitive information – and lots of it – locally. Additionally, the “Cloud to the Edge” trend means that having hardware and storage closer to the end user actually makes cloud applications snappier. The cloud may actually increase the amount of hardware you have on site.
In order to fully maximize the power and promise of cloud technology, the physical infrastructure of your SMB IT department is even more vital to maintaining a competitive advantage. Racks, cooling, power and management software all need to be upgraded to ensure uptime and quick access to both cloud and local data and applications.