“What’s different now is that our enemies, or those that want to gain access to our digital assets—be they organized crime or nation states, hackers, or bank robbers—have found ways to get inside the system so it’s more of an insider threat,” said Suzanne Magee, CEO, TechGuard Security.
A term that’s been around for a while but likely will get more prominent is the concept of “advanced persistent threat.” This is loosely defined by Damballa Inc., a security firm in Atlanta, as a highly sophisticated cybercrime directed at business and political targets that is conducted through continuous monitoring and interaction, to achieve a specific outcome—such as disruption of service, data theft, or degradation of operations.
For instance, Magee said, “Perhaps there already are zombies or malicious code placed on your system that now could be activated into an attack…Through these advanced persistent threats they could already have control over some of the things in your network. Now would be a time that they’re going to take retribution by attacking those.”
That possibility has already caught the eye of law enforcement agencies. Two years ago, in testimony before the Senate Judiciary Terrorism and Homeland Security Subcommittee, Steven Chabinsky, deputy assistant director, FBI, said: “Our adversaries’ use of computer network exploitation—the ability to monitor our networks and steal our secrets—might simultaneously provide them with prepositioned capabilities to conduct computer network attacks.”
Banks for years have employed multiple layers of computer protection from external attacks, including firewalls, routers, encryption, segregation of data, monitoring, and more. “You’re always going to have those who are going to try to penetrate your defenses. It’s all about risk mitigation. You shouldn’t stop using firewalls, encryption, segregation, and monitoring, just like you shouldn’t stop putting locks on the doors,” Magee said.
But that’s not enough anymore. What’s needed is a way to narrow the threat vector, that is, the window through which adversaries can gain access to critical systems or move data out of them.
Magee’s company, TechGuard Security, offers such a product, called PoliWall, as do a number of other companies. They include Checkpoint, Cimcor, Juniper, Layer7Technologies, and Xceedium. What differentiates these companies is that their security products have been validated by the federal National Information Assurance Partnership through its Common Criteria Evaluation and Validation Scheme for IT security. Specifically, these particular companies have attained the Common Criteria EAL4 Augmented validation.
[A complete list of companies and their validations is available at http://www.niap-ccevs.org/vpl/.]
Magee explained how her product, PoliWall, works. It’s basically a rack-mounted black box connected between the border router and the firewall. It controls access, both inbound and outbound, by IP address or groups of IP addresses, which can include the address space of entire countries. It uses an advanced filter, called a high-speed internet protocol packet inspection engine, to rapidly identify traffic sources. A graphical interface lets the operator call up a map of the world and select individual countries or entire regions; clicking on one tells the system to block connections to and from it.
“When you’re speaking of finance, you do not need everyone all over the world to be able to have access to your network…For instance, you can decide, well, for my email server, I know right off the bat that we are not going to be doing business with Belarus, or you could pick any number of countries, and just click them off,” Magee said.
Such a system also helps banks comply with Patriot Act requirements to restrict the flow of funds to designated places. Through operator selection, assisted by automatic database updates, malicious money transfers out of the bank can be blocked, Magee said.
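The per-service, per-direction country blocking described above, as an added Python model (not PoliWall’s code, and not the appliance’s inspection engine): the country-to-network table, the service names and the exception network are constructed for illustration, using documentation address ranges in place of real country allocations.

```python
import ipaddress
from collections import namedtuple

# Constructed lookup table: RFC 5737 documentation ranges stand in for real
# country allocations, which a real appliance pulls from a maintained database.
COUNTRY_NETWORKS = {
    "BY": [ipaddress.ip_network("203.0.113.0/24")],
    "US": [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("192.0.2.0/24")],
}

Decision = namedtuple("Decision", "action reason country")

def country_of(remote_ip):
    """Return the country code whose most specific network contains the address."""
    addr = ipaddress.ip_address(remote_ip)
    best = None
    for cc, nets in COUNTRY_NETWORKS.items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (cc, net.prefixlen)
    return best[0] if best else None

class GeoPolicy:
    """Per-service, per-direction country blocks, with exception networks."""
    def __init__(self):
        self.rules = {}       # (service, direction) -> blocked country codes
        self.exceptions = []  # networks always allowed, e.g. a vetted partner
    def block_countries(self, service, direction, countries):
        self.rules.setdefault((service, direction), set()).update(countries)
    def allow_network(self, cidr):
        self.exceptions.append(ipaddress.ip_network(cidr))
    def decide(self, service, direction, remote_ip):
        addr = ipaddress.ip_address(remote_ip)
        cc = country_of(remote_ip)
        if any(addr in net for net in self.exceptions):
            return Decision("allow", "exception network", cc)
        blocked = (self.rules.get((service, direction), set())
                   | self.rules.get(("*", direction), set()))
        if cc in blocked:
            return Decision("block", f"{cc} blocked for {service}/{direction}", cc)
        # Addresses in no known country pass: this model blocks selected countries only.
        return Decision("allow", "no matching block", cc)

def build_demo_policy():
    """Hypothetical configuration: mail server closed to BY inbound, all outbound to BY closed."""
    p = GeoPolicy()
    p.block_countries("smtp", "inbound", {"BY"})
    p.block_countries("*", "outbound", {"BY"})
    p.allow_network("203.0.113.200/32")  # constructed exception for one vetted correspondent
    return p
```

Every decision carries a reason and the matched country, so the same record that enforces the block can be logged for review.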
As global threats intensify, the whole idea, Magee said, is to “reduce the attack space by blocking countries that you don’t need to be open to.”