When Prevention Fails

Virginia-based MANDIANT released its latest M-Trends findings at the recent U.S. Department of Defense Cyber Crime Conference 2011 at the Hyatt Regency Hotel in Atlanta.

The M-Trends series spans more than a decade of lessons learned on the front lines of intrusion investigations for the U.S. government, defense industrial base and commercial organizations. When Prevention Fails spotlights malware capabilities and techniques, as well as other highly complex and sophisticated attack schemes used by the Advanced Persistent Threat (APT) across a breadth of organizations. Content presented in M-Trends has been derived by MANDIANT from unclassified environments and sanitized to protect victim identity and data.

Some excerpted trends from the report:

     
  • It is no longer acceptable to rely solely on preventive measures. Combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response.
  • The majority of victims were either compromised by a targeted e-mail campaign or were victims of a prior intrusion that was never appropriately remediated.
  • Threats have evolved faster than our ability to reliably safeguard our assets. To better protect our information and intellectual property, we must adapt our organizational security programs to meet the emerging challenges.
  • Done right, threat detection and response provides IT security teams the situational awareness to rapidly detect incidents, suppress their impact, develop their own threat intelligence and rely on other timely intelligence to proactively inspect your networks for the fingerprints of compromise.

M-Trends is written for information security professionals in the enterprise, with the aim of increasing the collective understanding of the advanced threat landscape.

“Between Aurora, Stuxnet, and the Wikileaks distribution of classified wires, 2010 should have made it abundantly clear that the stakes have changed,” said Josh Corman, Research Director for Enterprise Security at The 451 Group. “We are well beyond casual attackers whose attacks conform to mainstream 80/20 rules and compliance checkboxes. Adaptive Persistent Adversaries know you are compliant and do not care. It’s time to refresh your models and to invest in greater visibility for early detection and prompt, agile response. Industry reports like M-Trends can help increase broader awareness and understanding of the advanced threat landscape.”

To download a copy of M-Trends, visit MANDIANT.