
How would you know that you have been hacked?

I mean, think about it for a minute...

Would your IDS tell you? Perhaps.

Would your AV tell you? Probably not.

Would your firewall tell you? Unlikely.

So, how could you know?

Maybe the unwelcome visitor will deface something. As awkward as this may be, the signs are obvious. There is something visible to address and work on. At least you will know.

Maybe you will spot some unusual file access on critical systems. The problem is that for this to be effective, you must first know what your critical systems are and actually be on the lookout for strange behavior. Are you? Do you even know what normal behavior is?

Maybe you will get a call from an external body, alerting you to the fact that your data, your intellectual property, has appeared somewhere else. Maybe they are a victim too? Maybe the call has come from a government agency?

Regardless of how you find out, at some point you hit the panic button and close the door. The proverbial horse has, more than likely, long since left the scene.

Maybe we are going about this the wrong way?

For many years, IT security has been all about defence in depth, about deploying ever more complex point solutions in a virtual arms race, adding more layers to the onion to keep the bad guys out. This is a good thing, as it keeps out the casual hackers, the script kiddies and the typical drive-by exploit. It is not going to keep out someone determined. Someone with a motive.

So, maybe the question should be ‘How do you know that you haven’t been hacked?’

This change of mindset starts with the presumption that there is always a weakness, a chink in the armour that will eventually, inevitably be exploited. With this mindset, you will be vigilant, alert and looking for trouble. Doing this requires different tools. You still have to patch. You still have to get the basics right, but now you are effectively on watch: monitoring the gateways for signs that malware is communicating with a command and control server, and looking for data being exfiltrated.

You can never guarantee to defeat all hack attempts, but you can be agile enough to catch them in progress, before the real damage is done. But to do this, you need to be on the lookout.
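As an added illustration that is not part of the original post, here is one way to put "knowing what normal is" and "watching the gateway" into practice: two checks over gateway logs, one for regular check-ins that look like command and control traffic and one for outbound volume far above a host's own history. The log format, host names, addresses, history figures and thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample data. Assumed format: "epoch_seconds src dest bytes_out".
LOG = """0 ws-22 203.0.113.50 420
5 ws-14 intranet.example 18000
40 ws-14 intranet.example 52000
60 ws-22 203.0.113.50 410
121 ws-22 203.0.113.50 425
180 ws-22 203.0.113.50 418
241 ws-22 203.0.113.50 422
300 ws-14 intranet.example 9000
300 ws-22 203.0.113.50 415
400 db-01 198.51.100.9 900000000
900 ws-14 intranet.example 30000
1500 ws-14 intranet.example 12000"""
# Constructed history of daily outbound bytes per host: the "normal" baseline.
BASELINE = {"ws-14": [90e3, 150e3, 120e3, 110e3, 130e3],
            "ws-22": [3e3, 5e3, 4e3, 3.5e3, 4.5e3],
            "db-01": [5.0e6, 6.0e6, 5.5e6, 6.2e6, 5.8e6]}

def parse(log):
    return [(int(t), s, d, int(b)) for t, s, d, b in map(str.split, log.splitlines())]

def beacons(events, min_conns=5, max_cv=0.1):
    """(src, dest) pairs contacted at near-constant intervals, like a C2 check-in."""
    seen = defaultdict(list)
    for ts, src, dst, _ in events:
        seen[(src, dst)].append(ts)
    hits = []
    for pair, ts in seen.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps) if gaps else 0
        if len(ts) >= min_conns and mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append(pair)
    return hits

def volume_outliers(events, baseline, k=6):
    """Hosts sending more than median + k*MAD of their own history."""
    today = defaultdict(int)
    for _, src, _, sent in events:
        today[src] += sent
    hits = []
    for host, total in today.items():
        med = statistics.median(baseline[host])
        mad = statistics.median(abs(x - med) for x in baseline[host])
        if total > med + k * mad:
            hits.append(host)
    return hits
```

On this sample the low-volume check-ins from ws-22 are caught only by the interval check and the bulk transfer from db-01 only by the volume check, which is why both are worth running.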
