Why it is more crucial than ever to monitor your networks in real time
As Jason mentioned in his post, last week brought yet more breaches to light in the form of Community Health Systems and now UPS Stores. To be fair, the UPS Stores breach affects a much smaller population; however, at potentially 105,000 transactions, it still represents a significant concern. Actually, it’s telling that 105k seems small compared to the other numbers we are used to seeing.
In the UPS case, just like in the case of Target, we see a federal agency notifying UPS of the activity. It is good to see this capability at the federal law enforcement level; however, this type of detection happens after an organization has been compromised and long-term persistence has been established. In our webinar and post about the Defense in Depth Kill Chain, we talk about a “linger area” where malicious activity can persist once it gets past a certain set of controls.
Remember the kids that used to buy one movie ticket and then go from theater to theater? They (or you, or we?) figured out the same principle – once you are past the perimeter it becomes much easier to maneuver, as long as you do not cause trouble. Attackers know this and work to establish their own persistence mechanisms that will avoid raising alarms, in order to preserve that long-term access in the target environment. In the case of UPS, as with the Target breach, the attackers managed to install software onto these systems and remain undetected for an extended period of time – once past the ticket counter, there is no one to stop them.
We should know what is happening on our networks, at least as much as law enforcement does, but recent events are showing that this is not yet the case. Countermeasures are great, but they can only get us so far without processes in place to review and analyze what we’re seeing. In doing this, we begin to move from response to early detection, and then to prevention. Then we can start engaging law enforcement about what we are seeing, and that is when we will know we are getting ahead of the game.