You need to review this article with references.
Being compromised and not knowing it is a large threat that everyone in the commercial and government sectors needs to understand. The question is no longer if we are going to be compromised, but when.
No matter how many devices you place on your network to stop incoming threats, there is always a way in through the user. This is because the user is the weakest link in information systems security. Through social engineering, an attacker can simply ask the user for their password or for physical access to areas of the building where they do not belong. A more common social engineering attack is phishing.
With phishing, an attacker carefully creates an email that looks legitimate to the user. However, the links embedded within it lead to a fake site where the attacker gathers the username and password of the individual. The phishing email can also contain malware that allows the attacker to gain access to the system or the network.
When an attacker goes after a specific target within the company, the attack is called spear-phishing. Further, a disgruntled employee or a trusted insider could purposely cause an attack. These attacks bypass all the perimeter defenses within the organization, allowing the attacker to work unnoticed for months or years. This type of attack is known as an advanced persistent threat (Walker, 2017).
Combating advanced persistent threats (APTs) is now at the forefront for security personnel. The first step in securing the network is to educate its users.
Teaching your employees the security policies of the company, as well as educating them on what social networking is and what a phishing email is, will go a long way toward helping secure the network. With the end user being the weakest link, anything you can teach them will make them stronger (Johnson, 2015).
The information security professional can do several things themselves that can also combat APT. Looking at big data is necessary. Collecting and analyzing data from different sources and over a sustained period of time will help find compromise. Compromises are no longer at a single point but spread out over several areas within the network.
Using data from different sources and analyzing it together will help spot a compromise in the systems. Looking for indicators of compromise is a big step. Unique DNS queries, custom tools, remote desktop connections, proxies, or encrypted tunnels can all be signs of a compromise.
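The following Python example is added here and is not part of the original article. It builds a baseline from two data sources (DNS queries and remote desktop connections), flags activity never seen in that baseline, and reports hosts that are anomalous in more than one source. The record layout, host names and domains are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (day, source, host, value).
# "dns" value = queried domain; "rdp" value = destination of a remote desktop session.
BASELINE = [
    (1, "dns", "ws-01", "intranet.example.com"),
    (2, "dns", "ws-02", "intranet.example.com"),
    (3, "dns", "ws-02", "updates.example.net"),
    (5, "rdp", "admin-01", "srv-db"),
    (9, "rdp", "admin-01", "srv-web"),
]
OBSERVED = [
    (31, "dns", "ws-01", "updates.example.net"),  # seen before, org-wide
    (31, "dns", "ws-02", "x7f3q.example.org"),    # domain never queried before
    (33, "rdp", "ws-02", "srv-db"),               # workstation opening RDP to a server
    (34, "rdp", "admin-01", "srv-db"),            # normal admin activity
    (40, "dns", "ws-01", "cdn.example.org"),      # new domain, no other signal
]

def key(event):
    """What counts as 'the same activity' differs per data source."""
    _day, source, host, value = event
    # DNS: a domain is normal if any host queried it. RDP: normal is per host pair.
    return (source, value) if source == "dns" else (source, host, value)

def build_baseline(events):
    """Set of activity keys seen during the baseline period."""
    return {key(e) for e in events}

def find_anomalies(baseline, events):
    """Events whose activity key never appeared in the baseline."""
    return [e for e in events if key(e) not in baseline]

def correlate(anomalies, min_sources=2):
    """Hosts that are anomalous in at least min_sources different data sources."""
    sources_by_host = defaultdict(set)
    for _day, source, host, _value in anomalies:
        sources_by_host[host].add(source)
    return sorted(h for h, s in sources_by_host.items() if len(s) >= min_sources)

if __name__ == "__main__":
    anomalies = find_anomalies(build_baseline(BASELINE), OBSERVED)
    for event in anomalies:
        print("anomaly:", event)
    print("hosts to investigate first:", correlate(anomalies))
```

A single new domain, as on ws-01, is a weak signal on its own; ws-02 stands out because two independent sources disagree with its baseline on different days.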
It is best to know what the network does under normal circumstances so that any anomaly can be detected quickly. Finally, a test of your network can help find APTs. Hacking your own network, or allowing someone on the outside to ethically hack your network, will help you find vulnerabilities. This information can be used to further secure your network defenses. Ultimately, it will take a combination of several different approaches to secure the system from APTs (Armerding, 2014).
Ephesians 6:10-18 talks about putting on the entire armor of God. Each piece of the armor is needed for protection while there is one piece used for attacking.
It is the combination of each of these pieces of armor that brings about protection for us in our spiritual walks. Likewise, it is a combination of defensive tools that will bring protection to the information system networks we are to protect. While the shield represents a firewall, the helmet, breastplate, shoes, and belt represent the internal protections such as user education, analyzing big data, looking for indicators of compromise and hacking your own system. Each part plays a role in protecting the system.
If one piece of armor is missing, then there is a weakness for the enemy to exploit, just as a missing part of the system defense is an area where an attacker can enter and go about unnoticed. A complete defense will assist you in protecting the network from attackers.