Monday, December 19, 2011

Endpoint Security is Changing Fast

Sophisticated social engineering techniques for hacking are becoming the norm. And it is moving fast, such that traditional tools don't do the job any more. Advanced Persistent Threat (APT) is one of the manifestations of this trend. It involves sending malware to people disguised in something that is likely to appear to them and to fool them. APT messages are very customized, based on knowledge of a person that is obtained from information available in the internet, through such social media as Facebook and perhaps other sources.They can even follow shortly after a person performs some action, such as paying bills on their bank website. In such a case, they might receive a message that their transaction has failed, or that their account has gone into an overdraft and they should log in (to a bogus account) and verify it. There are countless variations.

Most of us are aware of many of these messages and don't get fooled by them. However, there is a possibility that one variation might be sufficiently relevant that we are fooled, and it might only take once to cause a lot of damage.

Companies are exposed because all of their employees are exposed, and might inadvertently expose corporate assets to theft or damage.

Various solutions are available, many cloud based, that are particularly designed to keep up with the rapidly changing trends in this area. It is imperative to keep up with these tools. Such knee jerk reactions as prohibiting employees from using Facebook and the like just won't work. But some clearly defined and carefully designed policies around the use of corporate computers, resources and IDs are badly needed.

For more, check out this article.

No comments: