'Think like a bad guy' to protect against hackers - HP Enterprise Security

By Danny Palmer
14 Feb 2014 View Comments

Cyber security professionals need to stop being "read like an open book "and think like hackers in order to properly defend against cyber threats.

Further reading

That is according to Scott Lambert, director of threat research for HP's Enterprise Security business unit, who made the comments in the wake of the HP Security Cyber Risk Report 2013. He explained how a mindset of "thinking like a bad guy" would be beneficial to cyber security personnel.

"If you look at which vulnerabilities the bad guys are weaponising, you want to address your defence from that perspective," Lambert told Computing, and gave the example of taking Java loopholes into account.

"Java Sandbox bypass vulnerabilities were some of the most prevalently used by cyber criminals last year, so if you have Java in your network and know it was in parts of your environment that had access to sensitive data, that's certainly something you want to prioritise as soon as patches became available."

Lambert pointed to how cyber criminals use underground forums and the dark web to share information about known vulnerabilities and successful thefts and hacks. He suggested that cyber security professionals across different organisations should employ the same collaboration tactics in order to protect against the latest cyber threats.

"There's a lot of collaboration among the bad guys; they share the malicious payloads, the malicious infrastructure, they talk about standard operating procedures and the tactics and techniques they use to successfully carry out a compromise and extract data," said Lambert.

"As defenders we need to be thinking along the same lines. As defenders we should be sharing with one another – ‘We've seen this threat actor in our environment; this is the incident response process we've used to thwart the threat, to respond to the incident. This is what worked, this is what sequence of events they carried out in our network we should be aware of'," he continued.

"We want defenders to collaborate more around sharing threat intelligence and more specifically actionable threat intelligence, things you can consume and understand."

Lambert also said that cyber security professionals should employ the strategy of "continuous monitoring" employed by cyber criminals and hackers, so that if a new threat does occur, they are able to keep their organisation safe.

"Bad guys use continuous monitoring for their critical components, they understand when their malicious payloads are being detected by the anti-malware industry and they quickly deploy a new fully undetected malware payload as a result of monitoring continuously," he told Computing.

"They understand when their internet infrastructure turns up on a blacklist so they re-route traffic accordingly. They're quick to adapt to these types of things, so we need to understand the environment, deploy continuous monitoring and know what's happening. Those types of things are very important for the defender."

[Please turn to page 2]

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %