October 5, 2019

NSA gives defense advice

The NSA’s Tailored Access Operations unit gives a talk about how they attack the rest of the world. Very interesting for us defenders. 



My take-aways to make these guys' (and other nation-state attackers') lives harder: 

  • They get an edge by knowing the network better than the people running it. 
  • 0-days are not such a huge tool for them (!). They can breach most corp networks using known vulnerabilities. So use recent software! 
  • User awareness can only help up to a point. Beyond that (for advanced persistent threats), the users can always be tricked into clicking. You must have technical measures to defend against those. 
  • Older protocols are usually targeted because they are easy to sniff/decode. There is no use in upgrading your apps to the latest (e.g.) SSO technologies if legacy protocols are still in use. 
  • One of their worst nightmares: an out-of-band network tap, monitoring for anomalous behavior. 
  • Don’t use old-school AVs which rely only on signatures; use something with reputation checking.
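
An added example (not from the original post or from the talk): one way to act on the legacy-protocol and out-of-band tap points above, by inventorying cleartext legacy services and flagging conversations never seen in a baseline period. The CSV layout, the addresses and the port list are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Well-known ports of legacy protocols that are cleartext by default.
# Port number is a heuristic: it does not detect STARTTLS or non-standard ports.
LEGACY_CLEARTEXT = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap"}

# Constructed sample flow records, as a tap-fed sensor might export them.
BASELINE_FLOWS = """src,dst,dport
10.0.1.15,10.0.0.5,443
10.0.1.16,10.0.0.5,443
10.0.1.15,10.0.0.9,23
"""
TODAY_FLOWS = """src,dst,dport
10.0.1.15,10.0.0.5,443
10.0.1.15,10.0.0.9,23
10.0.1.16,10.0.0.7,21
10.0.1.16,10.0.1.15,445
"""

def load_flows(text):
    """Parse CSV flow records into a set of (src, dst, dport) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return {(r["src"], r["dst"], int(r["dport"])) for r in reader}

def legacy_services(flows):
    """Map each (server, protocol) offering a legacy service to its clients."""
    found = defaultdict(set)
    for src, dst, dport in flows:
        if dport in LEGACY_CLEARTEXT:
            found[(dst, LEGACY_CLEARTEXT[dport])].add(src)
    return {key: sorted(clients) for key, clients in found.items()}

def new_conversations(baseline, today):
    """Return flows whose (src, dst, dport) never appeared in the baseline."""
    return sorted(today - baseline)

if __name__ == "__main__":
    baseline, today = load_flows(BASELINE_FLOWS), load_flows(TODAY_FLOWS)
    for (server, proto), clients in sorted(legacy_services(today).items()):
        print(f"legacy {proto} on {server}, clients: {', '.join(clients)}")
    for src, dst, dport in new_conversations(baseline, today):
        print(f"new conversation: {src} -> {dst}:{dport}")
```

The legacy inventory gives a list of services to retire, and the baseline comparison surfaces the workstation-to-workstation connection on port 445 that the baseline never contained.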
