Advanced Persistent Threats - an attacker who is persistently, repeatedly, stealthily trying to break into your system until they succeed.
No single solution solves this problem.
Look at outbound traffic to figure out what is escaping.
Plan for failure.
APTs will get into the system in ways you never thought possible.
Attackers seek error pages that reveal system information useful in attack.
Leakage = systems returning information in error messages and failures.
Examples:
SQL injection - many steps to get database structure piece by piece until finally able to create a query to steal all credit cards.
Using view source on web pages to find information not visible on the pages.
Applications need to have security built in up front.
Phishing is number one way APTs are getting into systems.
Look at traffic going in both directions.
Attacks are sending data encrypted. Need to look at SSL traffic.
Inspect mobile devices - laptops, phones.
Log everything
Correlate logs (use SIEM)
Forensics is only as good as the data provided.
The better the interactive reporting, the faster you can respond.
Protect everything, always, everywhere.
All users - especially executives.
All devices (especially mobile)
All content - especially encrypted
- block or inspect - Downloads/ executables
- Data Loss Prevention
If all else's fails - disconnect the Internet (ha.ha.)
