Is your intellectual property secure? Whitelisting can help secure against advanced persistent threats

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The country's most sensitive information is not always secure, despite what most citizens believe.

Nation states like China, Lithuania and Russia are deploying targeted, customized attacks controlled by humans in order to gain access to the intellectual property (IP) of government agencies, pharmaceutical companies, security organizations and other high-profile institutions. These advanced persistent threats (APT) are placing massive bodies of knowledge at risk.

Imagine what could happen if a hostile nation breached the Department of Defense and was able to access classified information on plans for smart bombs or biological warfare. Or picture a cybercriminal locking in on a pharmaceutical research lab, closing in on the cure for AIDS, hacking the system and selling the illegally obtained formula to the highest bidder. It's not unheard of. In fact, intellectual property is fast becoming one of the most profitable products on the black market.

BACKGROUND: Advanced persistent threats force IT to rethink security priorities

MORE: Advanced persistent threats can be beaten, says expert

In a recently released report, the National Aeronautics and Space Administration (NASA) disclosed it received 47 APT attempts in 2011, 13 of which successfully infiltrated agency computers. Breaches in NASA's IT networks can negatively affect national security or lead to significant financial loss. In addition, this type of threat leaves NASA's proprietary information, and even the blueprints for some of the nation's most competitive technological innovations, vulnerable. [Also see: "2011's biggest security snafus: Was this the year of the advanced persistent threat?"]

In fact, one of the 13 attacks reported in 2011 targeted the Deep Space Network at the Jet Propulsion Laboratory (JPL) and was linked to Chinese IP addresses. According to NASA, undetected intruders with full-system access to key JPL networks could:

· Modify, copy, or delete sensitive files.

· Add, modify, or delete user accounts for mission-critical JPL systems.

· Upload hacking tools to steal user credentials, further compromising other NASA systems.

· Conceal their actions by modifying system logs.

The JPL breach is still under investigation by the Office of the Inspector General.

NASA is just one of the thousands of companies considered "target-rich," meaning their IP and other sensitive data is ripe for cyberattacks and, more specifically, for APT. In 2011, Lockheed Martin, the country's largest defense contractor, was the target of a massive APT when its VPN access system was breached. Fortunately for Lockheed Martin the threat was detected almost immediately, averting potential disaster.

ROUNDUP: The most mortifying moments in IT security history

Since these attacks are customized and targeted, many go undetected by traditional security measures, which can only blacklist known malware. And the persistent nature of the attack allows the hacker to keep modifying code and strings until one variant slips past the enterprise's security system undetected. In fact, the share of APTs caught by antivirus perimeter defenses can be as low as 25%, meaning the majority are free to continue their malicious activity.

Threats to IP security are at critical levels. Why? It's easier to steal someone else's intellectual property than it is to devise a proprietary knowledge base. Enterprises must institute policies and systems designed for IP protection; otherwise, hackers will undoubtedly find loopholes within current IT security platforms.

Application control and whitelisting endpoint security technology can ensure the integrity of laptops, desktops, servers and even mobile devices, so that companies are protected against potential risks and major losses of IP. Application control and whitelisting does more than stop known-bad attacks: it allows only known good programs, applications and software to run on protected machines. Companies can devise a list of trusted sources permitted to run on or access their networks and servers. The list of what is permitted to run or access data is much smaller than the list of banned programs and applications. Further, the list of programs, software and apps that have been deemed unsafe is an ever-changing entity, and virus protection software requires frequent updates to stay abreast of the latest potential threats.

Additionally, supplementing advanced threat protection technology with a current security information and event management (SIEM) platform can provide real-time threat detection by filling in the blind spots often experienced with event profiling and endpoint executable identification. Combined with endpoint data and with events from firewalls and IDS/IPS, threat detection is not only timely but appropriate, eliminating many false positives. In other words, it creates the faster, more accurate insight into system usage and activity that today's security professionals need.

The evolution of trust policies has changed the way known sources are managed. What used to be a cumbersome process based upon a static list of approved programs now works by allowing predetermined sources like Adobe or Microsoft WSUS to update as often as necessary. IT professionals can filter updates and downloads based upon publisher, distribution method or trusted source. When an unknown source attempts to download or access files, it's stopped before it can breach the system's firewall, thus protecting the system, the company's intellectual property and any other sensitive data from potential harm.
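The two preceding passages describe a default-deny policy in which a program runs only if it is on an approved list or comes from a trusted publisher or a trusted update mechanism such as WSUS, and anything from an unknown source is stopped and logged. The following is an added illustration of that decision logic, not code from the article or from Bit9's product; the rule names, the sample binaries, the process names and the log-line format are all constructed for the example.

```python
"""Default-deny application whitelisting with publisher and updater trust rules.

Hypothetical model of the policy the article describes (not any vendor's
implementation): when an execution attempt is seen, the file's hash, its
verified code-signing publisher and the process that wrote it to disk are
checked against the trust policy. Explicit bans win over every allow rule;
anything no rule matches is denied and logged so a SIEM can pick it up.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class ExecEvent:
    path: str
    content: bytes               # file bytes (constructed samples below)
    publisher: Optional[str]     # verified signing subject, None if unsigned
    written_by: str              # process that created the file on disk

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class TrustPolicy:
    approved_hashes: Set[str] = field(default_factory=set)
    trusted_publishers: Set[str] = field(default_factory=set)
    trusted_updaters: Set[str] = field(default_factory=set)  # e.g. the WSUS or Adobe update agent
    banned_hashes: Set[str] = field(default_factory=set)     # explicit denies beat every allow


def decide(policy: TrustPolicy, ev: ExecEvent) -> Tuple[str, str]:
    """Return ('allow' | 'deny', reason). Most specific rule is checked first."""
    h = ev.sha256
    if h in policy.banned_hashes:
        return "deny", "hash explicitly banned"
    if h in policy.approved_hashes:
        return "allow", "hash on approved list"
    if ev.publisher is not None and ev.publisher in policy.trusted_publishers:
        return "allow", f"signed by trusted publisher {ev.publisher}"
    if ev.written_by in policy.trusted_updaters:
        return "allow", f"delivered by trusted updater {ev.written_by}"
    # Default deny: nothing vouched for this binary.
    return "deny", "unknown source: not on whitelist"


def approve_hash(policy: TrustPolicy, ev: ExecEvent) -> None:
    """An administrator reviews a denied event and approves that exact binary."""
    policy.approved_hashes.add(ev.sha256)


def audit(policy: TrustPolicy, events: List[ExecEvent]) -> List[str]:
    """One log line per execution attempt, in a key=value form a SIEM can parse."""
    lines = []
    for ev in events:
        verdict, reason = decide(policy, ev)
        lines.append(f'verdict={verdict} path="{ev.path}" sha256={ev.sha256[:16]} reason="{reason}"')
    return lines


# Constructed sample policy. The publisher names are real signing subjects;
# the updater process name is a placeholder for the organisation's update agent.
POLICY = TrustPolicy(
    trusted_publishers={"Microsoft Corporation", "Adobe Systems Incorporated"},
    trusted_updaters={"corp-update-agent.exe"},
)

# Constructed sample execution attempts.
EVENTS = [
    ExecEvent("C:/Windows/System32/notepad.exe", b"signed-os-binary", "Microsoft Corporation", "explorer.exe"),
    ExecEvent("C:/Users/kate/Downloads/invoice.pdf.exe", b"dropped-by-mail-client", None, "outlook.exe"),
    ExecEvent("C:/Program Files/LineOfBusiness/lob.exe", b"pushed-by-updater", None, "corp-update-agent.exe"),
    ExecEvent("C:/Temp/old-tool.exe", b"signed-but-revoked", "Adobe Systems Incorporated", "explorer.exe"),
]
# A binary with a valid trusted signature can still be banned outright.
POLICY.banned_hashes.add(EVENTS[3].sha256)


if __name__ == "__main__":
    for line in audit(POLICY, EVENTS):
        print(line)
```

Running the block prints one audit line per event: the signed OS binary and the file pushed by the trusted updater are allowed, the unsigned download from the mail client is denied as an unknown source, and the signed-but-banned tool is denied because the explicit ban is evaluated before any allow rule. Note that a publisher rule is only as strong as the signature check behind it: `publisher` here is assumed to be the subject of an already verified signature, not a string read from the file.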

Mobile device proliferation and BYOD policies

With the continuing rise of mobile, many companies are seeing their employees use mobile devices for work-related purposes, a trend which gives rise to the adoption of "bring your own device" (BYOD) policies. iPads and tablet computers are quickly replacing print collateral, and sensitive emails and documents are often sent via smartphones. In fact, one report estimates that as many as 78% of business people use their mobile devices to check email. Furthermore, nearly 40% of respondents to a recent survey believe that employees will access their company's LANs with mobile devices regardless of the company's BYOD policies. In addition, nearly 30% believe the introduction of the iPad 3 will significantly increase network traffic. But with the proliferation of mobile devices come real threats to IP security. In fact, the surge in mobile business applications has been recognized by many IT professionals as one of the greatest risks in network security.

Though the use of personal mobile devices in business enterprises provides business-on-demand, it also creates a greater opportunity for the infiltration of malware, which can be spread from the unsecured device. Many professionals unknowingly download infected apps which, once synced to an enterprise network, can transfer malicious files that have the potential to gain access to IP.

Additionally, some employers are transitioning to virtual office spaces, allowing employees to work in part from home. Many mobile and virtual workers transfer data from workstation to workstation using portable flash drives, compromising the integrity of every machine and network used throughout the course of a project.

Although there is not yet a whitelisting application specifically designed for mobile devices, a company's network will remain secure when the malware transferred from the mobile device attempts to infiltrate a whitelist-protected system.

In the face of smarter criminals, IP protection is not only necessary; it's critical. Sensitive information and data are targeted through APTs and unfortunately, many organizations are left believing their data is secure until it's too late. Whitelisting is one of the most effective ways to maximize IP protection.

Bit9 is a leading provider of Advanced Threat Protection and Endpoint Security and protects the world's intellectual property (IP) by providing innovative, trust-based security solutions to detect and prevent sophisticated malware and cyber threats.

Stories by Kate Munro, director of marketing, Bit9