security
FORENSIC FOCUS
Tom Rowley of Savvius explains how post-breach forensics can play a vital role in regaining the upper hand against cyber criminals.
A couple of years ago, Joseph Demarest, assistant director of the US Federal Bureau of Investigation's Cyber Division, told Congress that 'approximately 500 million computers are infected globally each year, translating into 18 victims per second.' Smartphones are not far behind: Trend Micro reports in its 2016 Security Predictions report, The Fine Line, that over 20 million smartphones are infected with malware bots. This means
that the historical focus on network security to prevent, or at least detect, initial attacks is failing. Although companies have invested millions of dollars in security hardware and software, including firewalls, antivirus and patch management systems, it remains true that a targeted attack will almost always succeed. This isn't an indictment of network security defence teams. Many factors have swung the balance in favour of attackers: the emergence of new attack surfaces such as bring-your-own-device (BYOD) and the cloud, legacy systems that can't be patched for fear of failure or disruption, and production software released without being tested for vulnerabilities, to name just a few.
Acknowledging these problems, network security teams are taking a page from the methods commonly used by law enforcement. Most police detective work focuses on finding clues to a crime after it has happened; the goal is to rapidly identify and apprehend the criminal, not to catch the crime in progress. Similarly, instead of relying on static