Information Security

Defending the digital infrastructure


The search for answers to ‘advanced threat’ defense

Visibility into what is happening on your network may matter more than stopping an attack. Can technology keep up with advanced threats?

Cuckoos lay eggs in other birds’ nests. That’s what a penguin keeper at the San Francisco zoo told Clifford Stoll when he was looking for a title for his classic book on rooting out a network intruder in what turned out to be cyberespionage.

“The regular bird comes back to nest, it hatches a cuckoo and the cuckoo takes over and gets fed by the mother bird,” Stoll explained during a C-SPAN interview, back in 1989. “It all turns out well for the cuckoo. The cuckoo runs off and lays other eggs.”

When Stoll contacted the FBI about an unidentified intruder in the Lawrence Berkeley National Laboratory's network -- which houses unclassified science information -- they told him to change the password, ensure the hacker can't break in anymore and cut off the network connection: “He'll go away."

“They were right,” said Stoll. “I could have kept him out. I could have blocked him out easily. But it struck me that it was worth continuing to watch.”

While advanced threat defense methods have evolved, much of what Stoll discovered holds true today. In this issue, we look at Readers’ Top Picks for enterprise firewalls and advanced threat detection as technology providers add layers of defense to security appliances. When security professionals plan to invest in advanced threat defense, which companies and functionality top their short lists? Often, it’s the usual suspects, but the technology advances -- and the features many organizations are looking for -- may surprise you.


“When we talk about advanced threats, the meaning of ‘advanced’ changes, and so what safeguard would be useful no matter where the boundary is drawn?” asks Anton Chuvakin, research vice president for security and risk management at Gartner. Like Stoll, he favors monitoring and data collection for advanced threat defense and holds out hope for sophisticated algorithms that may one day make things easier. “When people ask me what would be a useful analytics tool, I say I need one that is as good as a junior security analyst.”

Keeping up with rapidly changing technology is also part of the job, but it can take up huge chunks of time. As Alan Earls reports this month, CISOs use different strategies to gain insights from their peers, but determining the enterprise effectiveness of promising technology remains a challenge. Lisa Phifer looks at mobile data protection and the strategies some companies are using to better monitor corporate data that is lost through mobile applications and devices.

As Robert Richardson points out in his column this month, Stoll used decoys and other deception techniques to track his hacker. Protecting data while you are figuring out what is happening, as Stoll found out, is a big security problem and the hardest part of the job.

About the author:
Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter @RichardsKath.


This was last published in November 2015
