Simple fixes for advanced persistent threats

Powered by SC Magazine
 

Spend less on what you don't have and more on what you do.

Most Advanced Persistent Threats (APTs) can be mitigated by simple security upgrades, a Telstra security specialist has advised.

According to Scott McIntyre, senior technology architecture specialist in Telstra's Security Operations, the industry was undergoing "a phase of self delusion about the true nature about where the exposures are coming from".

"Most external threats, these APTs, are taking advantage of internal infrastructure and policy failures," he said, noting that he was not speaking on behalf of the telco.

McIntyre spoke at the AusCERT 2011 conference last week after he presented at the previous year's event as the security head for Netherlands ISP XS4All.

He said rather than buy the latest toolkits at the behest of the boss, security professionals should consider upgrading internal systems.

Although the high profile compromise of security company RSA was attributed to APTs, McIntyre said the "crux" of the breach was more simple, and hinged on vulnerabilities in Microsoft Office 2007.

The exploited vulnerabilities may not have been present had RSA upgraded to the 2010 version of the software, he said.

He said chinese whispers and inflated press reports were to blame for the misperception of threats and solutions.

Power to the people

Social networking should be permitted provided staff actions can be traced, according to McIntyre.

"Accountability, responsibility and traceability" are the three tenets that should underline corporate social media policies, he said.

Security professionals should also avoid prescribing security tools in high-level security policies and instead base the documents on implementation procedure, McIntyre said.

"I'm not sure if we will solve the [security] problem if it comes down to something you can put in a spreadsheet."

Copyright © SC Magazine, Australia


Simple fixes for advanced persistent threats
 
 
 
Top Stories
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
 
Sending in the drones
Margins are getting tighter in the industrial services industry, so Transfield Services' Stephen Phillips looks offshore - and to the skies - for the solutions he needs to keep pace.
 
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  44%
 
No
  56%
TOTAL VOTES: 524

Vote