Evidence Based Security Protection Now More Important

SANS Institute : 10 August, 2011  (Technical Article)
IT security experts warn that existing detection methods based on anti-virus software, firewalls and intruder detection are insufficient to detect the majority of attacks
Ahead of SANS London 2011, a senior security expert and trainer is warning that administrators still do not have the skills to spot a well-executed persistent intrusion. “We work with a growing number of organisations that simply don't realise that they have been the victim of a well-orchestrated and persistent attack,” comments Steve Armstrong, former head of penetration testing for the UK Royal Air Force and widely regarded as one of the UK’s most experienced IT security professionals.

“We go in, look at the logs and can quickly see clear evidence of the problem, but there has either been a failure to spot it or not enough resource assigned to look for the evidence.” Of the last 20 incidents that Armstrong and his team have been called in to investigate, he estimates that 95% had clear evidence that had gone unnoticed. “In many cases, it is often an admin who has a 'gut feeling' that calls us in, but when we start digging, the full extent of the breach is normally far worse than initially suspected.”

Armstrong, who has worked in the security sector for over 17 years, believes that the issue comes down to the sophistication of attackers combined with an over-reliance on tools. “The IT vendors keep on telling us how great the tools to spot problems are, but they are certainly not foolproof. They can also be circumvented by criminals who know what they are doing.”

For example, in one of the modules of the upcoming SECURITY 464 Hacker Detection for Systems Administrators with Continuing Education Program course, Armstrong shows how a simple modification to a known malware sample can defeat up-to-date anti-virus software. “The days when a hacker would wander blindly around systems are gone,” he explains. “Now, the goal is to get in and stay in, undetected, for as long as possible. This is the issue that is causing the most problems but getting the least headlines.”
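The point about modified malware is worth seeing in code. The following Python is an added example, not material from the article or from the SANS course. It uses a constructed, inert byte string as a stand-in for a "known" malicious file and a hypothetical signature database built from it, then applies the two trivial edits an attacker would make first: flipping an unused padding byte, and XOR-encoding the embedded strings (a real sample would decode them at run time). An exact-hash signature fails on the first edit, a YARA-style content signature fails on the second, and only a scan that tries to undo the obfuscation before matching still flags the sample.

```python
"""Added example: why trivial edits to a known sample defeat signature checks.
All samples, signatures and keys below are constructed for illustration."""
import hashlib
import re

# Constructed, inert stand-in for a "known" malicious file: a header, two
# strings the program would actually use, and padding bytes nothing reads.
PAYLOAD_CMD = b"cmd.exe /c whoami > C:\\Temp\\out.txt"
PAYLOAD_URL = b"http://evil.example/beacon"
KNOWN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + PAYLOAD_CMD + b"\x00" * 16
    + PAYLOAD_URL + b"\x00" * 8
)

# Hypothetical signature database derived from the known sample.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
CONTENT_SIGNATURES = [re.compile(re.escape(PAYLOAD_CMD)),
                      re.compile(re.escape(PAYLOAD_URL))]


def scan_by_hash(data: bytes) -> bool:
    """Exact-hash signature: matches only a byte-for-byte identical file."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES


def scan_by_content(data: bytes) -> bool:
    """Byte-pattern signature on the strings that do the work (YARA-style)."""
    return any(p.search(data) for p in CONTENT_SIGNATURES)


def scan_with_xor_brute(data: bytes) -> bool:
    """Content scan repeated after single-byte XOR decoding with every key,
    which unmasks the most common trivial string obfuscation."""
    return any(scan_by_content(bytes(b ^ k for b in data)) for k in range(256))


# --- the attacker's trivial modifications (constructed) ---

def flip_padding_byte(sample: bytes) -> bytes:
    """Change one byte that nothing reads: behaviour identical, hash different."""
    return sample[:-1] + bytes([sample[-1] ^ 0xFF])


def xor_strings(sample: bytes, key: int = 0x5A) -> bytes:
    """XOR-encode the embedded strings so the plaintext patterns no longer
    appear in the file (a real sample would decode them at run time)."""
    out = sample
    for s in (PAYLOAD_CMD, PAYLOAD_URL):
        out = out.replace(s, bytes(b ^ key for b in s))
    return out


def demo() -> dict:
    """Run each scanner against the original and two modified variants."""
    variants = {
        "original": KNOWN_SAMPLE,
        "padding byte flipped": flip_padding_byte(KNOWN_SAMPLE),
        "strings xor-encoded": xor_strings(flip_padding_byte(KNOWN_SAMPLE)),
    }
    return {
        name: {
            "hash": scan_by_hash(data),
            "content": scan_by_content(data),
            "content+xor": scan_with_xor_brute(data),
        }
        for name, data in variants.items()
    }


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:22s} hash={r['hash']!s:6} content={r['content']!s:6} "
              f"content+xor={r['content+xor']}")
```

The single-byte XOR brute force is a standard analyst trick rather than a complete answer: an attacker who switches to a multi-byte key, a packer or run-time download moves the evidence out of the file entirely, which is why the article's emphasis on log and network evidence, rather than file scanning alone, is the right one.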

Armstrong agrees that there has been a surge in demand for IT security tools, penetration testing and training in response to attacks by groups such as LulzSec and Anonymous. However, in some cases he equates these antics to graffiti on a wall: “...it might be newsworthy, but some would argue that it distracts attention away from more insidious and organised hacks against US defence contractors and security tool suppliers like RSA,” he notes. “A hacktivist hitting your site with a denial of service attack may well just be a distraction to get something more dangerous onto a critical server somewhere else.”

The new 464 course will debut in London this year and is part of a shift towards an ongoing education model across the IT security industry. “The notion that you can do a 2-day course and be up to date on the threat landscape forever is not realistic,” explains Armstrong. “Hacker Detection for Systems Administrators will be backed up by four Quarterly Threat and Tool Briefings, which are included in the initial training fee, and this ongoing training is extremely useful as we undergo a lot of upheaval in the move to more virtualisation and cloud platforms.”

Initially running over 2 days with quarterly briefings to follow, SANS SECURITY 464 Hacker Detection for Systems Administrators with Continuing Education Program provides the tools and techniques to bridge the gap and help systems administration teams meet the needs of security and audit teams while still doing their day jobs. Topics covered include the common misconfigurations and mistakes that lead to a system being compromised, as well as security methodology and thought processes for daily systems administration activities. The course also covers a sysadmin's view of what matters in systems architecture, security monitoring, and understanding network traffic from a systems administrator's perspective.