My take-aways to make these guys' (and other nation state attackers') lives harder:
- They get an edge by knowing the network better than the people running it.
- 0-days are not such a huge tool for them (!). They can breach most corp networks using known vulnerabilities. So use recent software!
- User awareness can only help up to a point. Beyond that (for advanced persistent threats), the users can always be tricked into clicking. You must have technical measures to defend against those.
- Older protocols are usually targeted because they are easy to sniff/decode. There is no use in upgrading your apps to the latest (e.g.) SSO technologies if legacy protocols are still in use.
- One of their worst nightmares: an out-of-band network tap, monitoring for anomalous behavior.
- Don’t use old-school AVs that rely only on signatures; use something with reputation checking.