Gartner's verdict on advanced security threats: firms must try harder

Targeted attacks are using known exploits, so companies need to act to block them, says analyst outfit

Don't blame the source of the security threat, deal with the vulnerability, is the advice from industry analysts at Gartner when it comes to targeted cyber attacks.

Gartner estimates that in the average organisation four to eight per cent of executables that pass through antivirus and other common defences are malicious. Advanced security threats, such as targeted attacks, are on the rise, but simply adding more layers of defence does not necessarily increase security against targeted threats.

Security controls must evolve, according to the analyst firm's latest report Strategies for Dealing with Advanced Targeted Threats.

"The reality is that the most important issues are the vulnerabilities and the techniques used to exploit them, not the country that appears to be the source of the attack," said John Pescatore, vice president and distinguished analyst at Gartner.

"The major advance in new threats has been the level of tailoring and targeting - these are not noisy, mass attacks that are easily handled by simple, signature-dependent security approaches," he added.

Blame for some recent targeted attacks has been levelled at state-backed hackers in China, Russia and other countries. But whatever their source, the techniques - denial of service, theft of information - are the same ones cyber criminals have been using for some years, says Gartner, and businesses must learn to cope.

"Targeted attacks are penetrating standard levels of security controls and causing significant business damage to organisations that do not evolve their security controls," said Pescatore. "Organisations need to focus on reducing vulnerabilities and increasing monitoring capabilities to deter or more quickly react to evolving threats."

Own the vulnerability; don't blame the threat, is Gartner's advice. Many attacks that include zero-day exploits also rely on well-known vulnerabilities as part of the overall attack. If IT leaders close the vulnerability, they stop all intruders, from curious teenagers to state-backed cyber soldiers.

"The use of specialised threat detection, network forensics and situational awareness technologies can be very effective in quickly detecting and reacting to the first stages of an advanced targeted threat, but require high levels of skilled resources to be effective," Pescatore said.

Defence in depth means having sufficient people to act on a threat as well as layers of security products, Gartner's report says. It also urges companies to focus on security rather than compliance, prizing customers' trust over limiting the company's liability from legal action.

"A 'lean-forward' approach to security is going beyond the due diligence level of the standard network security and vulnerability assessment controls, and using tools and processes to continuously look for active threats on the internal networks," Pescatore said.

"However, IT leaders must be prepared to invest in and staff lean-forward processes - and they must be prepared to take action if they find something," he added.

Gartner analysts will also discuss the subject at the Security & Risk Management Summit 2011 taking place 19-20 September, in London.