Paradigm Reboot: The Rise Of APTs


Remember the 90’s when the term “paradigm shift” first became fashionable argot among business elites? Well, it’s a new century now, and the term aptly describes fundamental changes underway in network security.

Fueling today’s shift is a marked rise in Advanced Persistent Threats (APTs) that, unlike viruses and malware, are not easily detected by 20th Century approaches to network security, such as black listing and scanning. Government entities and commercial enterprises alike are beginning to understand that identifying and removing APTs requires a new, and indeed opposite, approach: namely, white listing.

The white list approach to security assigns an organization singular authority to define and grant all permissible freedoms for applications, devices and users on its network. By permitting only pre-approved activities, it needn’t monitor endlessly for suspicious behavior and provides a stiffer defense against unanticipated attacks.

With such intuitive benefits, it’s difficult to understand why the industry didn’t shift to a white list security model a decade ago. The reason is that white lists can be difficult to implement cost-effectively due to the challenge of keeping them current amidst the frequent updates to programs that populate them.

Those challenges are beginning to see solutions, however, as illustrated by an award-winning white list pilot program launched by the National Security Agency Information Assurance Directorate (NSA) and the Trusted Computing Group (TCG).

The program proved effective both in hindering the spread of targeted-attack infections and in red-flagging those infections that did manage to infiltrate systems. The pilot earned the NSA and the TCG the 2011 U.S. National Cybersecurity Innovation Award from the SANS Institute – the industry’s most trusted and largest source for information security training and security certification.

Paradigm reboot

Not surprisingly, boot integrity is in the vanguard of emerging white list solutions, and it is attracting interest from network administrators concerned about APTs. This interest was evident at the well-attended 2nd Annual NSA Trusted Computing Conference, where a presentation discussed research conducted on the deployment and use of a boot integrity collection and reporting tool.
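As an illustration added here (not code from this article, the NSA/TCG pilot, or any Wave product), the following Python sketch applies the white list principle described above to boot integrity reporting: each measured boot component is accepted only if its digest is on the approved list, and anything unlisted, altered or absent is red-flagged. The component names and digests are constructed for the example; listing more than one approved digest per component stands in for the update problem noted earlier.

```python
import hashlib
from dataclasses import dataclass

def measure(blob: bytes) -> str:
    """Stand-in for a boot measurement: SHA-256 of the component image."""
    return hashlib.sha256(blob).hexdigest()

# Constructed allow-list: component -> set of approved digests. Listing more
# than one digest per component is how an approved update is accommodated
# (the "keeping the list current" problem); anything not listed is denied.
ALLOWLIST = {
    "bootloader": {measure(b"bootloader v1"), measure(b"bootloader v2")},
    "kernel": {measure(b"kernel 5.4")},
    "initrd": {measure(b"initrd build 17")},
}

@dataclass(frozen=True)
class Finding:
    component: str
    verdict: str  # "ok", "unknown-component", "unapproved-hash" or "missing"

def check_boot_log(log, allowlist=ALLOWLIST):
    """Compare (component, digest) measurements against the allow-list.
    Every deviation is reported; the boot is trusted only if all are 'ok'."""
    findings, seen = [], set()
    for component, digest in log:
        seen.add(component)
        if component not in allowlist:
            findings.append(Finding(component, "unknown-component"))
        elif digest not in allowlist[component]:
            findings.append(Finding(component, "unapproved-hash"))
        else:
            findings.append(Finding(component, "ok"))
    # A component that never reported is as suspicious as an unknown one.
    for component in sorted(allowlist.keys() - seen):
        findings.append(Finding(component, "missing"))
    return findings

def boot_is_trusted(log, allowlist=ALLOWLIST) -> bool:
    return all(f.verdict == "ok" for f in check_boot_log(log, allowlist))

# Constructed sample boot logs, as a collection agent might report them.
CLEAN_BOOT = [("bootloader", measure(b"bootloader v1")),
              ("kernel", measure(b"kernel 5.4")),
              ("initrd", measure(b"initrd build 17"))]
UPDATED_BOOT = [("bootloader", measure(b"bootloader v2"))] + CLEAN_BOOT[1:]
TAMPERED_BOOT = [CLEAN_BOOT[0], ("kernel", measure(b"kernel 5.4 + implant")),
                 CLEAN_BOOT[2]]
EXTRA_BOOT = CLEAN_BOOT + [("bootkit", measure(b"unlisted module"))]
```

Only the clean boot and the boot carrying the approved bootloader update pass; the altered kernel and the extra unlisted component are each reported by name, which is the red-flagging the pilot program aimed for.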

The focus is shifting from black list to white list – a paradigm shift – as major corporations and government agencies learn about APTs and investigate new product technologies that help protect their networks, data, assets, people and institutions.


Lark Allen is responsible for Wave’s business and corporate development, specifically creating strategic technology relationships and evaluating opportunities that have potential to achieve Wave’s strategic goals. Additionally, Lark oversees the development of a core set of markets and strategies related to security products, thereby furthering the company’s competitive positioning. Lark plays an active role in a number of industry standards organisations, including the Trusted Computing Group where he is a member of the Storage Work Group, which builds upon existing TCG technologies and focuses on developing open standards around secure data storage. Lark has more than 30 years of industry IT experience with large enterprises and has held executive management positions in sales, marketing, development and consulting. Before coming to Wave, Lark worked for many years with IBM. He graduated from Brigham Young University with a BS in Physics and earned an MS in Industrial Administration from Purdue University.