Enterprise Security Monitoring with the Fusion Center Model

Yushi Shen (Microsoft Corporation, USA), Yale Li (Microsoft Corporation, USA), Ling Wu (EMC2 Corporation, USA), Shaofeng Liu (Microsoft Corporation, USA) and Qian Wen (Endronic Corp, USA)
DOI: 10.4018/978-1-4666-4801-2.ch006

Abstract

In the past few years, we have witnessed cyber-attacks of unprecedented sophistication and reach. These attacks demonstrate that malicious actors have the ability to compromise and control millions of computers that belong to governments, enterprises, and ordinary citizens. If we are to prevent motivated adversaries from attacking our systems, stealing our data, and harming our critical infrastructure, we have to first understand emerging threats in order to develop proactive security solutions that safeguard both the information and the physical infrastructure that relies on it. This chapter discusses one possible approach to defending against malicious actors at the enterprise level.

Emerging Threats: Advanced Attacks

The academic research community categorizes emerging information security threats into three types (Kruegel): cybercrime, targeted attacks, and emerging cyber warfare. The information security industry has widely adopted the term “advanced persistent threat” (APT) to describe what some see as an emerging form of cybercrime, advanced attack and, in some cases, even cyber warfare. For the purposes of this chapter, we adhere to the industry categorization of information security threats, and acknowledge that a cyber-attack in any of the three categories above can come in the form of either a traditional threat or an advanced persistent threat. Four major characteristics distinguish an advanced threat from a traditional threat (FireEye, 2013):

  • Stealthy: APT attacks are usually launched quietly and generate minimal network anomalies;

  • Unknown & Zero Day: APT attacks typically use custom malware that is not detectable by signature-based anti-malware products;

  • Targeted: APT attacks are typically highly targeted, and the result of significant reconnaissance;

  • Persistent: APT attacks generally have an end goal, and the attackers are willing to endure until the end goal is achieved.

Figure 1 shows the new threat landscape, in which traditional threats escalate into advanced threats.

Figure 1. The new threat landscape

The following are some recent examples of publicly acknowledged attacks from each category listed in Table 1:

  • Cyber Crime: Sony (Play Station Network attack), attacked by the RBN (Russian Business Network);

  • Advanced Attacks: 70+ Organizations in 14 Countries (Operation Shady RAT), Google (Operation Aurora attack), RSA (SecurID attack);

  • Cyber Warfare: the Iranian Nuclear Power Plant (Stuxnet attack).

Table 1. Categories of Cyber Attacks

Category | Goals | Funding/Resources | Impact | Frequency
Cyber Crime | Financial gain; interruption of service | Low; organized by criminal groups or ideological movements | High | High
Advanced Attacks | Intellectual property theft; hacktivism | Medium; organized by nation-states or large adversaries | Very high | Medium
Cyber Warfare & Terrorism | Loss of life; degradation of societal norms | High; organized by cyber military forces or terrorist organizations | Highest | Low
