Dec 14 2015

Attackers Have New, Stealthy Ways to Access Data

The IT security landscape is changing, and major threats will continue go unnoticed unless law firms focus on detection, not prevention.

Attackers target organizations of all kinds and sizes because virtually every enterprise has valuable data. Law firms are no exception. Keeping a strong posture against today’s threats has become a necessity for law firms, but new and stealthy attacks make the task more difficult.

Advanced persistent threats (APTs), for example, can linger within an enterprise for months or even years. Once an attacker gains unauthorized access to a law firm’s computing resources, the attacker slowly and methodically expands that access over time to locate and steal sensitive data. Traditional security controls that detect attacks, such as anti-virus software and intrusion detection systems, often miss APTs, allowing these compromises to go on for extended periods of time.

The rise of APTs has caused a shift in the entire security paradigm. Before APTs, law firms could count on their security controls to stop almost all attacks before they succeeded. However, these security controls may not be effective against many newer threats, including APTs. So law firms are powerless to stop a larger number of these attacks from succeeding.

The security community has finally begun to shift from a prevention mindset — striving to identify and block every attack attempt — to a detection mindset. In a security environment that focuses on detection, security controls are based on the assumption that compromises will occur, and detecting those compromises as soon as possible is critical so the damage can be minimized.

Accordingly, advanced threat defense tools have emerged that focus on detecting APTs and other compromises; for example, FireEye Endpoint Security (HX series). Such tools work by searching hosts for indicators of compromise (IOCs), which are basically traces of an attack that can be used forensically to pinpoint the root cause of a compromise. These IOCs are constantly being mined from a wide variety of sources of threat information. This data is then analyzed to create what is known as threat intelligence. Threat intelligence is frequently updated on each client running the tool so that new threats can rapidly be identified and mitigated.

For more information on avoiding data breaches, read the white paper “Cybersecurity for Law Firms.”