eBooks/eGuides

CHAPTER 2 Security Challenges in Hybrid Clouds 31 These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Targeted "Low-and-Slow" Attacks and APTs Targeted attacks and APTs against specific organizations or indi- viduals are another major concern. In this case, attackers often develop customized attack mechanisms to take advantage of the specific equipment, systems, applications, configurations, and even personnel employed in a specific organization or at a given location, and quietly collect sensitive data over extended periods. These "low-and-slow" tactics are designed to avoid detection for as long as possible. Whereas the average time for an organiza- tion to identify a breach in 2019 was 206 days according to the Ponemon Institute, a targeted "low-and-slow" attack or APT may go undetected for years (see the "Carbanak: The great bank robbery" sidebar in this chapter). APTs are a class of threats that often combine advanced mal- ware and botnet components to execute a far more deliberate and potentially devastating attack than other types of attacks. As the name applies, an APT has three defining characteristics: » Advanced: In addition to advanced malware and botnets, the attackers typically have the skills to develop additional exploitation tools and techniques and may have access to sophisticated electronic surveillance equipment, satellite imagery, and even human intelligence assets. » Persistent: An APT may persist over a period of many years. The attackers pursue specific objectives and use a low-and-slow approach to avoid detection. The attackers are well organized and typically have access to substantial financial backing to fund their activities, such as a nation-state or organized crime. » Threat: An APT is a deliberate and focused, rather than opportunistic, threat that can cause real damage. A botnet is a broad network of malware-infected endpoints (bots) working together and controlled by an attacker through C2 infrastructure. The increasing speed and sophistication of threats emphasize the need for proactive countermeasures with extensive visibility and control at the application layer of the network computing stack.

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA