<h1>Targeted Attacks</h1>
<p>Published 2016-12-02 at https://www.virtono.com/community/tutorial-how-to/targeted-attacks/</p>

<h1>More Data than Sense</h1>
<p>As we look at the responses, most of these detection and correction efforts combine human expertise with tools and data. All efforts can be improved through access to and better interpretation of relevant data, policy-based workflows, and appropriate and facilitated automation. So what’s holding these valiant security operations teams back? It turns out that security has been a cost of doing business, treated as overhead, with few metrics and limited risk analysis. There’s an infrastructure, but not a conscientious and resilient architecture.</p>

<h2>Silos of People, Process, and Technology</h2>
<p>Traditionally, security projects have been chosen, implemented, and operated with an eye to solving a specific problem: protection, detection, correction, and (separately) compliance. Few security teams have had architects articulating an integrated design or an adaptive model. Unlike other long-term infrastructure in IT, until recently security products have not adopted a common data-sharing model, messaging infrastructure, or efficient way to link and maintain process integrations that cross workgroups. Instead, security products have been chosen by desktop, network, and compliance buyers without a conscious plan to integrate, enable data sharing, or establish the resilience necessary to keep up with increasingly subtle threats. They have been minimally maintained and replaced when contracts expire, rather than as business and technology changed. ‘Set and forget’ was a legitimate goal for some security gear. If this description sounds like your organization, you should understand that attackers use this antique approach against you. They’ve proven that point-product decisions create white space. Their toolkit-based and targeted attacks use this weakness to penetrate, persist, and strike at sensitive data, vulnerable systems and applications, and critical infrastructure.</p>

<hr />

<h1>Modernize Protections</h1>
<p>To protect, detect, and correct more effectively, review your incident response program to see how well it functions as a machine. Is it a network of separate components, or an integrated, high-performing, and continuously available system? How well does each of the processes integrate with and enrich the others? Is it a closed and continuous loop? As you optimize the protect, detect, and correct steps, you’ll synthesize IT operations and security controls to form an agile, increasingly automated architecture. Here’s how you make it happen.</p>

<p>While prevention shouldn’t need an overhaul, each control in your arsenal could use a check-up, particularly with respect to threat intelligence and malware detection. Customized attacks likely start with phishing, corrupted websites, evasive techniques, and zero-day malware. Several actions improve countermeasure effectiveness and prevent incidents that may be sophisticated, but not necessarily highly targeted. Take full advantage of the capabilities available in the preventative controls you already have. Harden and isolate systems from attack using endpoint suite features such as application blocking and behavioral signatures. Let email and web gateways detect and block suspicious files, sites, and phishing messages before they reach the user. Software updates, add-on modules, and Security-as-a-Service are the lowest-cost, lowest-disruption ways to acquire current features. Integrate threat intelligence into countermeasures bidirectionally, so your controls share discoveries with each other and with researchers and other corporations. For instance, endpoint, email, and web protections consume, generate, and share threat intelligence with networked analytics for closed-loop threat analysis. This allows you to move from a mode of constant tactical encounters to learning and adapting. Finally, make your architecture adaptive using automated blocking based on evolving reputation, risk scores, policies, or other attack understanding. These efforts should be considered part of ‘routine maintenance’ for your security infrastructure.</p>