According to Symantec Research Labs, zero-day exploits persist in networks for 312 days on average before discovery. And it’s no wonder. Nearly one third of IT professionals are not confident that they could detect a cyber intrusion on their network. So says a survey of approximately 150 IT pros we conducted at this year’s Microsoft Ignite.
Why would this be? Perhaps the security tools they’re using don’t have the ability to detect today’s stealthy hackers. The survey also found that 83% of respondents remain confident that their perimeter security tools, like firewalls, can react quickly enough to defend against today’s sophisticated cyber attacks.
Here’s our take: next-generation firewalls, intrusion detection systems and similar tools are potent deterrents to known threats. But when it comes to zero-day threats and targeted phishing attacks, these same perimeter security products suddenly become ineffective. That means organizations still relying on such tools to protect their data against advanced cyber attacks should prepare for the consequences. Especially since more than half of those surveyed (51%, to be precise) think that their corporate networks are “continuously targeted” by hackers.
Combating Cyber Intrusions
A related finding from the survey is that when cyber intrusions are detected, the most common IT mitigation technique is to take manual action to try to stop the hackers. In other words, IT pros are fighting automated cyber attacks with manual processes. Not exactly a blueprint for success. Competent attackers are capable of quiet intrusions and the mass harvesting of credentials found on compromised systems.
What should infosec pros be doing instead? Lieberman Software, sponsor of the survey, recommends frequent system reboots, discontinuing the use of domain administrator accounts, regularly invalidating Kerberos tickets to force re-authentication, and using time-limited credentials for authentication.
Furthermore, it’s advisable to automate privileged identity management to counter automated cyber attacks. This removes humans from the process of service account password changes. Doing so reduces the manual burden placed on IT. And organizations can overcome automated cyber attacks that nest within environments and exploit long-lived administrator passwords to move laterally around the network. For details on the Lieberman Software survey, see http://www.liebsoft.com/IT-Professional-Survey/.