- Anti-DoS and DDoS attack tools (at the network and application layers)
- Network behavioral analysis tools with real-time signature writing capabilities
- Intrusion prevention systems
- Application-level active defense mechanisms such as challenge and response
- Active emergency counter-attack strategies (Smart Hands/Man-in-the-Loop Capability).
The second key technology ingredient required is behavior analysis, which is geared toward finding ‘anomalous’ activity and can distinguish legitimate from illegitimate traffic and mitigate the nefarious nature of the latter. In today’s world, the new threats are coming at you masquerading as legitimate users and your defenses need to see past these cyber masks.
The lesson we can learn from Operation Last Resort is that this well-coordinated cyber attack is an existential threat to many of the federal agencies that were targeted, and that it has threatened the fidelity and integrity of the network security that was put in place to protect them. We can also deduce that traditional network border devices are no longer sufficient to protect an organization from application-level threats.
Part of a new security strategy is employing powerful “attack detection and mitigation systems” which include, among many things, anti-DDoS to keep applications up and resilient. These technologies are not the technologies we all think of as tried-and-true. No longer is the firewall the key vanguard protector. The IPS is no longer adequate to find masquerading and marauding actors hidden behind ‘legitimate’ signatures. Today’s attack mitigation systems require technology to unmask automated digital armies cloaked as legitimate connections, and unearth the nefarious and deadly ‘slow’ attacks.
As other breaches have not been made public and the exact number of computer systems that were hacked into is not yet known, the FBI stated in a memo that this is a “widespread problem that should be addressed.”
Given the severity of this breach on our government’s network, it can safely be assumed that legislators will continue to drive prescriptive steps in order to bolster network security and impose greater sentences in order to deter hackers. After all, if these strong and heavily fortified U.S. government computers fell victim to this breach, how can more “ill-prepared” industries such as healthcare providers, educational institutions, as well as energy and manufacturing, be prepared without dramatic and quick change to their security programs? Who is next? Everyone has to ask themselves whether they’re ready for such attacks. If not, then when?