{"id":97,"date":"2011-02-27T16:05:22","date_gmt":"2011-02-27T21:05:22","guid":{"rendered":"http:\/\/techtonictimes.com\/?p=97"},"modified":"2015-07-26T11:58:18","modified_gmt":"2015-07-26T11:58:18","slug":"sniper","status":"publish","type":"post","link":"https:\/\/www.abrahamsconsulting.com\/blog\/sniper\/","title":{"rendered":"Sniper"},"content":{"rendered":"
\n

“The Wall Street Journal reported that outsiders had repeatedly penetrated the computer network of Nasdaq OMX Group during the past year.”<\/strong><\/span><\/p>\n<\/blockquote>\n

Convicted\u00a0 D.C\u00a0 sniper, John Allen Muhammad, along with his 17-year old accomplice, Lee Boyd Malvo, terrorized the Washington region in September and October 2002 as they engaged in a series of apparently random sniper attacks. <\/span><\/p>\n

Sixteen\u00a0people were shot. Ten died.<\/span><\/p>\n

Theirs,\u00a0though random in nature,\u00a0resembles the ongoing Cyber warfare that stalks perhaps some of the best security processes that are in place in organizations like the Nasdaq. The great differentiators? Cyber Warfare is systematic and targeted.\u00a0And sometimes they are quite sophisticated.<\/span><\/p>\n

This month\u00a0the company that\u00a0owns the Nasdaq Stock Market confirmed that its computer network has been infiltrated specifically by way of a service that allows the leaders of companies, including board members, to securely share confidential documents. <\/span>These\u00a0persistent reminders\u00a0to secure\u00a0the enterprise by employing a multi-layered approach is hopefully becoming less debatable among IT professionals\u00a0considering the\u00a0 onslaught of security breaches\u00a0even though we are less than two months into the new year. <\/span><\/p>\n

Among the casualties of 2011 to date are, eHarmony and five multination oil and gas companies.\u00a0And in each case the snipers were laser focused on stealing\u00a0critical proprietary information..\u00a0\u00a0\u00a0In the case of the oil and gas companies, McAfee\u00a0 reported that the “hackers got into its\u00a0computers, one of two ways, either through their public websites or through infected emails sent to company executives.<\/span><\/p>\n

Yet while the\u00a0debate may be subsiding, it is questionable whether preventative measures to secure new security gaps in the enterprise, once\u00a0identified, are treated with the urgency that they demand. I have encountered many organizations who readily agree with the\u00a0findings of a gap analysis as it relates to the security of their network but\u00a0have settled into complacency; ‘we don’t have the budget,’ or ‘the tools we have in place should <\/strong><\/em>do the job.’ And they do, until there is an attack.<\/span><\/p>\n

In the case of Nasdaq, Bit9’s Endpoint Security solution would have been a formidable defense against the Advanced Persistent Threat (APT) that was leveled against it. <\/span>The attack included malware delivered by clicking on either a web page, email or an attachment which enabled suspicious files to use a backdoor to deliver additional malware and execute commands.\u00a0 In this instance, as it is with most APTs, the ‘Sniper’ was state-sponsored. Russia.
\n<\/span><\/p>\n

Bit9’s Parity suite would have detected and blocked the attack. Inherent in its function, is the capacity to maintain a live inventory of all software on all systems. Therefore,\u00a0 all stalkers\u00a0 attempts to infiltrate its computers would have failed. Additionally,\u00a0Parity Suite leverages its baselining feature to identify suspicious files outside of the approved set of software or its White List.\u00a0 It further utilizes the software reputation service to identify suspicious files or anomalies. Once the first computer is attacked, subsequent computers would have been immediately identified and a command to stop the propagation across all systems would have been executed or banned. <\/span><\/p>\n

Consider the statistics in light of the complacency that I often encounter:<\/p>\n