Tuesday, September 18, 2012

Welcome to Secure The Interior.

After 8 years in the cyber security industry - witnessing worms traverse seemingly "secure" networks and numerous Advanced Persistent Threat (APT) infections - one thing is clear: you will never stop a sufficiently motivated attacker from getting into your network. APT actors are compromising companies and governments that have made strenuous, focused, and expensive efforts to defend their networks.

The trend 10 years ago was to beef up perimeter security and stop malicious code from getting inside the soft-centered network. A few years later the idea was to install host-based intrusion prevention software on all clients - a small step in the right direction. After that, the term "Defense in Depth" came about to describe a method of layering security products at both the network and host level in the hope of detecting or preventing an adversarial attack. With these innovations in place, why, and more importantly how, are networks still being infected?

This blog will speak to the question posed above and explain the importance of minimizing post-infection exposure while increasing detection capabilities at the host level. These two topics include a laundry list of best practices and configuration changes that can help keep your company out of the headlines, even when a compromise occurs. This blog is dedicated to my experiences and findings when it comes to securing the interior of any computer network, while occasionally pointing out weaknesses in important, but limited, perimeter defenses.
