Nobody ever said network defense was easy.
If you’re in charge of protecting your enterprise’s digital assets, the one thing you always seem to be fighting is time. Even after you have read every security analyst report on the market and deployed best-of-breed security products, if your IT security and data protection tools don’t work together, time will still not be on your side during an attack.
Most organizations today attempt to create an IT security masterpiece with a slew of products from multiple vendors, each addressing a different aspect of your IT environment and different areas of risk. However, when you don’t understand how hackers find vulnerabilities within your siloed endpoint, gateway and datacenter security systems, you won’t stand a chance at stopping them.
At FOCUS 14, we had the opportunity to challenge attendees to think like a hacker, demonstrating the six steps that hackers take when launching attacks. While hackers improve the technologies they use every year, their methodologies have been the same for decades. Once you learn to spot their 6 phases of intrusion within your network, you’re one step closer to a hacker-proof enterprise:
- Information gathering
When hackers plan an attack, the first thing they do is pick a target organization, and identify the address space they will be attacking. Then, they begin gathering IP addresses and names of high-profile people within the environment who are likely to hold sensitive corporate or personal data.
After a hacker has a full list of employee targets, they begin the scanning process. That includes scanning for specific instances of vulnerable applications running in an environment.
Once a hacker has identified the application they are after, they determine the precise versions of the technology they can penetrate. For example, a hacker might target an Apache HTTP server, and home in on Apache Struts.
Once they find a point of entry, the hacker begins compromising your web server, leveraging vulnerabilities or configuration issues to gain access. By determining how they can interact with the target application and underlying operating system, they infiltrate to survey how far they can expand an attack within your network.
Following penetration of your environment, a hacker’s next step is to create user profiles and escalate access privileges to spread threats as widely as possible.
The final step of a hacker’s malicious process is pillaging. Unlike hacks of the past, today’s attacks are no longer about just compromising a server and defacing a website. The attackers’ mission is gaining access to credit card data, company trade secrets, customer information and personal identity information. The “real” hackers that we are concerned about are the ones with the tools to mine your data, and use it for their own benefit.
Knowing how hackers think and act is the first step in the direction of keeping your network safe, and fortunately for you there are tools, like McAfee Threat Intelligence Exchange (TIE), that you can implement to keep attacks at bay.
Want more info on how you can use TIE in your organization to fight digital threats? Make a stop on our TIE community page here for more information, and don’t forget to follow McAfee for the latest product updates.
If you missed this presentation at FOCUS 14, don’t worry! We will present a live, updated version at FOCUS 15, this October 26-28.