The Australian Signals Directorate Top35 list of mitigation strategies shows us that at least 85% of intrusions could have been mitigated by following the top four mitigation strategies together. These are: application whitelisting, updating applications, updating operating systems and restricting administrative privileges. Kaspersky Lab has technological solutions to cover the first three of these (i.e. all the technology-based strategies) as well as the most of the others from Top35 ASD’s list.
Many respected technology-focused organizations have already developed strategies for coping with targeted attacks. Gartner, for example, has issued guidelines for dealing with social engineering techniques, including keeping pace with an evolving threat landscape through ongoing information security education1. While no ICT infrastructure can ever be 100% secure, there are reasonable steps every organization can take to significantly reduce the risk of a cyber-intrusion.
Among all the available strategies, here at Kaspersky Lab we consider the Australian Signals Directorate (ASD) document to be the best publicly available guidelines from a government organization on how to successfully fight APTs. But we don’t just like this list of strategies; we also want to make sure that Kaspersky Lab technologies cover as many of them as possible. Please check the list below. Bear in mind, of course, that not all technologies have something in common with security software:
The Australia’s Signals Directorate’s full Mitigation Strategies list comprises 35 points.
This list of mitigation strategies can be roughly divided into four logical types, according to the implementation approach:
Measures
Brief description
Administrative
Training, physical security
Networking
These measures are easier to implement at a network hardware level
System administration
The OS contains everything needed for implementation
Specialized security solutions
Specialized security software is applicable
Through comprehensive, detailed analysis of local attacks and threats, ASD has found that at least 85 per cent of the targeted cyber-intrusions it responds to could be mitigated by four basic strategies. Three of them are related to specialized security solutions. Kaspersky Lab products include technological solutions to cover these first three major strategies:
Use application whitelisting to help prevent malicious software and unapproved programs from running
Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
Patch operating system vulnerabilities
Restrict administrative privileges to operating systems and applications, based on user duties2.
In addition, over half of the ASD list could be implemented using our specialized information security solutions. Take a look at the strategies (those related to specialized security solutions) mapped to Kaspersky Lab technologies. We have highlighted the ones that ASD believes account for 85% mitigation:
ASD rank
Mitigation strategy, short name
Kaspersky Lab technologies
1
Application whitelisting
Dynamic whitelisting
2
Patching application vulnerabilities
Vulnerability Assessment and Patch Management
3
Patching OS vulnerabilities
5
User application configuration hardening
Web control (blocking scripts in web-browsers) , Web Anti-Virus
6
Automated dynamic analysis of email and web content
Mail Anti-Virus and Web Anti-Virus, Security for Mail Server, Security for Internet Gateway, DLP for Mail and Collaboration add-ons
7
OS generic exploit mitigation
Automatic Exploit Prevention
8
HIDS/HIPS
System Watcher and Application Privilege Control
12
Software-based application firewall for incoming traffic
Advanced Firewall
13
Software-based application firewall for outgoing traffic
Advanced Firewall
15
Computer event logging
Kaspersky Security Center
16
Network activity logging
Kaspersky Security Center
17
E-mail content filtering
Kaspersky Security for Mail Sever
18
Web content filtering
Web Control
19
Web domain whitelisting
Web Control
20
Block spoofed e-mails
Anti-Spam
22
AV software using heuristics and automated Internet-based reputation ratings
Anti-Malware
26
Removable and portable media control
Device Control
29
Workstation inspection of Microsoft Office files
Anti-Malware
30
Signature-based AV software
Anti-Malware
ASD Strategies that can be implemented effectively using Kaspersky Lab’s product range.
For more detailed data about ASD strategies please consult the mitigation strategies document in the Securelist encyclopedia: part 1, part 2 and part 3. We hope that this information will be useful for system administrators, CIO/CISOs and researchers fighting targeted cyber intrusions.
1 Gartner: Best Practice for Mitigating Advanced Persistent Threats (document ID G00256438). >>>2 Australian Signals Directorate, Strategies to Mitigate Targeted Cyber Intrusions >>>
Source: Kaspersky