Peer to Peer Magazine

Summer 2016

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/696855

BEST PRACTICES

Cybersecurity's Uncertain Future: More Threats Call for New Defense Strategies

A new open-source code called DCEPT allows administrators to put fake passwords into memory on endpoints. The software code contains a tripwire that alerts an administrator when someone uses one of the fake passwords, exposing the attacker hiding inside a network. DCEPT works for all versions of Active Directory and is available for free at github.com.

Cloud Controls

Most organizations are already using cloud services, given that staff members are probably using applications, including personal email hosts and Dropbox, without having them vetted through the IT department, putting company data at risk. Organizations will need cloud controls like intrusion detection/protection, 24/7 monitoring, penetration tests and vulnerability assessments. Organizations that want to protect their data in the cloud will use cloud access security brokers (CASBs) to enforce policies and protect data.

and two-factor authentication will be used to obtain money from an ATM or to make a credit card purchase online. Credit card companies could request that people use their phones to show videos of themselves in the moment before authorizing a purchase.

Whitelisting won't suffice. Not only can adversaries live inside the network using tools native to the operating system, they can also break inside networks using authentic credentials and then add their malware to the organization's whitelist.

As the internet grows with more devices and more ways to connect to it — like Light Fidelity (Li-Fi) — it will become even more important for organizations to know of threats occurring outside their networks. Knowing what attacks are being seen elsewhere and what those attacks look like will help companies block them or recognize them when they have been hit.

Once an attacker is inside a network, he might change files at the registry and kernel layers.
When anything occurs inside a network — whether someone opens, changes or transfers a file — if that activity is not normal, the organization will usually receive an alert. Often, the activity is harmless. However, when these "harmless" individual activities fall into certain successions or patterns, the activities are often found to be malicious. Working with managed security service providers will become necessary to ensuring security because they will have a roster of customers familiar with the activities and patterns of activities found to be threats. Frost & Sullivan estimates that the market for North American managed security services totaled $3 billion in 2014 and is expected to grow to $6.3 billion by 2019, representing a compound annual growth rate of 16 percent.

Honeypots and Honeytokens

Organizations will use more honeypots and honeytokens to detect intruders in their networks. A honeypot is computer software or a device created to be attacked that allows your security team to watch the attackers' hostile activities. Honeytokens contain digital data created and monitored to indicate when an organization has an intruder. These tokens often appear to be valuable information, such as passwords or trade secrets, but the data are fake and planted throughout the network on different computers.

JEFF MULTZ

Jeff Multz, Director and General Manager of Japan for Dell SecureWorks, has been working in information technology for more than 25 years. He presents more than 250 live talks to organizations across North America each year and has authored more than 200 articles on a variety of security topics. Contact Jeff at jmultz@secureworks.com.
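
The honeytoken tripwire the article describes (a fake password planted on an endpoint, an alert when anyone tries it) can be sketched as follows. This is an added example, not DCEPT's code or anything from the article; the class and function names, the `svc-backup-` account prefix, the host names and the event fields are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Honeytoken:
    username: str
    password: str
    endpoint: str    # machine whose memory holds this fake credential
    issued_at: str

class HoneytokenRegistry:
    """Issues one unique fake credential per endpoint and recognises its later use."""

    def __init__(self, real_accounts):
        self.real_accounts = {a.lower() for a in real_accounts}
        self.by_username = {}

    def issue(self, endpoint, issued_at):
        # A fake name must never collide with a real account, or alerts become ambiguous.
        while True:
            username = "svc-backup-" + secrets.token_hex(3)
            if username not in self.real_accounts and username not in self.by_username:
                break
        token = Honeytoken(username, secrets.token_urlsafe(12), endpoint, issued_at)
        self.by_username[username] = token
        return token

    def check(self, event):
        """Return an alert if the logon attempt used a planted credential, else None."""
        token = self.by_username.get(event["user"].lower())  # AD names are case-insensitive
        if token is None:
            return None
        # The fake password never authenticates, so failed attempts are the signal.
        return {"time": event["time"], "source": event["src"],
                "honeytoken": token.username, "stolen_from": token.endpoint,
                "result": event["result"]}

def scan(registry, events):
    return [alert for alert in map(registry.check, events) if alert]

if __name__ == "__main__":
    reg = HoneytokenRegistry(real_accounts=["alice", "svc-sql"])
    planted = reg.issue("WKSTN-014", "2016-06-01T09:00:00Z")
    events = [  # constructed sample logon events
        {"time": "2016-06-02T03:11:07Z", "user": "alice", "src": "10.0.4.20", "result": "success"},
        {"time": "2016-06-02T03:14:52Z", "user": planted.username.upper(), "src": "10.0.7.99", "result": "failure"},
    ]
    for alert in scan(reg, events):
        print("ALERT", alert)
```

Because each endpoint receives its own fake credential, an alert names both the machine the attempt came from and the machine the credential was taken from.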
