How hackers are defeating Government defenses

Over the last several years we have watched technology evolve while the standard models of defense in Government have remained static. The Government strategy has been to make it costly for threat actors to stay active by chasing them and reporting their indicators as the sources of attacks evolve. This forces threat actors to change their attack methods and sources often, which in turn makes it harder for them to impact infrastructure and targeted entities. But this is the equivalent of swatting flies, and it is very costly for the organizations publishing the data. This cat and mouse game never ends, and it is inefficient, costly and highly ineffective. So what can we do to improve this situation?

Here are some ways our working group has come up with that may fix this issue:

  • Instead of swatting flies (IOC tracking) we need to be swatting the tools themselves that are being used. Rendering the tools useless forces threat actors to redevelop whole campaigns instead of just changing where attacks originate.

  • Three strikes, you're out model. One of the issues the working group has seen is that the same compromised hosts are used over and over to launch attacks. If hosting providers can't clean their source networks, then their entire networks should be blocked. This is an incentive to get network and hosting providers to do their part to stop abuse; today they simply ignore requests and rarely, if ever, take action even with evidence showing their infrastructure was used to carry out harmful attacks. In this model, if you fail to respond on three occasions, your network is blocked until you remove the offenders.

  • Contribute attack data, not indicators of compromise. Actual data showing what happened, which allows systems (IDS/IPS/firewalls) to identify and drop traffic, is more useful than where the attack originated. These patterns are used to drop malicious traffic instead of just alerting on the activity.

  • Effective sharing - Today the Government relies on STIX and TAXII to move indicators around. The issue is that this is a publication-type service. Just having the information is not useful; actually using the information to take action is what is valuable.
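As an added example (not from the original post or from Jigsaw Security) of the last two points: a published STIX indicator is only useful once it becomes an enforcement rule, and a rule built from what the request looked like keeps matching after the attacker moves to a new source address, whereas an address-only IOC does not. The STIX bundle, the supported pattern subset and the traffic events below are all constructed for illustration.

```python
import json
import re

# Constructed STIX 2.1 bundle (not real threat data). The first indicator is a
# source-address IOC; the second describes the request itself.
STIX_BUNDLE = json.loads("""
{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
 {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
  "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.10']"},
 {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
  "pattern_type": "stix", "pattern": "[url:value = 'http://example.invalid/cgi-bin/probe.cgi']"}
]}""")

# Only the single-comparison STIX pattern form [object-type:property = 'value']
# is handled here; compound patterns are skipped rather than misread.
SIMPLE_PATTERN = re.compile(r"^\[([\w-]+):([\w.]+)\s*=\s*'([^']*)'\]$")


def indicator_to_rule(indicator):
    """Turn one STIX indicator into an enforcement rule, or None if unsupported."""
    m = SIMPLE_PATTERN.match(indicator.get("pattern", ""))
    if indicator.get("pattern_type", "stix") != "stix" or not m:
        return None
    obj_type, prop, value = m.groups()
    return {"action": "drop", "field": f"{obj_type}:{prop}", "value": value}


def load_rules(bundle):
    """Rules for every indicator in the bundle that we know how to enforce."""
    rules = (indicator_to_rule(o) for o in bundle["objects"] if o["type"] == "indicator")
    return [r for r in rules if r is not None]


def rule_matches(rule, event):
    # Address rules look at where traffic came from; URL rules at what was requested.
    if rule["field"] == "ipv4-addr:value":
        return event["src"] == rule["value"]
    if rule["field"] == "url:value":
        return event["url"] == rule["value"]
    return False


def dropped_by(rules, event):
    """Fields of every rule that would drop this event (empty list: traffic passes)."""
    return [r["field"] for r in rules if rule_matches(r, event)]
```

Run `dropped_by(load_rules(STIX_BUNDLE), event)` over events from the original and from a new source address: the address rule stops matching as soon as the source changes, the request-pattern rule does not.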

We have been trying in earnest to work on solutions that are wholly effective at protecting our Government partners and fellow contractors, but these pushes keep falling on deaf ears. We have launched a working group and will be publishing the results of our research by year's end.

#Government #Technology #Opinion


© 2017-2018 Jigsaw Security Enterprise Inc.
