Tuesday, August 3, 2010

Electronic Espionage and Application Security

When it comes to cyber attacks, “the stakes are too high to ignore the problem,” according to InfoWorld (http://tinyurl.com/2fk3vt6) in an in-depth report on electronic espionage.

The attacks often bypass typical security tools that companies implement to protect their data assets. Once inside the system, the electronic spies quietly gather data over time without causing disruptions that could alert integrated security tools or draw suspicion from a company's IT security team.

Neil MacDonald, vice president at research firm Gartner, says, "as many as 75 percent of enterprises have been or are being infected with undetected, financially motivated, targeted attacks that evaded their traditional perimeter and host defenses."

The simple fact is that widely used data protection methods aimed at "defending the perimeter" are not enough to protect against increasingly sophisticated threats such as electronic espionage. There are far too many methods by which the perimeter can be penetrated, through both direct and indirect attack. Applications in the enterprise, in the cloud, distributed applications and applications in endpoint devices are the new focus of attack by organized crime.

This is a good time to re-post what I call my "application commandments."

1.) Applications can and should detect and notify of debugger attachments.
2.) Applications can and should protect critically sensitive code through encryption and dynamic decrypt/execute/re-encrypt operations.
3.) Applications should utilize multiple levels of networks of self-guarding techniques, with a variety of overt and subtle response actions, to ensure that persistent attacks are foiled at some level.
4.) Enterprise applications should have these response actions wired into the security monitoring systems deployed by the enterprise.
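
As an added illustration of commandments 1 and 4 (not code from the original post), the sketch below shows a Linux process checking whether a tracer is attached and formatting an event for the enterprise monitoring pipeline. It assumes Linux's `/proc/self/status` and its `TracerPid` field; the event field names and the `example-app` name are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "TracerPid:" from /proc/<pid>/status text (Linux).
 * Returns the tracer's PID, 0 if none, -1 if the field is absent. */
long tracer_pid_from_status(const char *status)
{
    static const char key[] = "TracerPid:";
    const char *line = status;
    while (line && *line) {
        if (strncmp(line, key, sizeof key - 1) == 0)
            return strtol(line + sizeof key - 1, NULL, 10);
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Read this process's own status; -1 when /proc is unavailable. */
long current_tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf);
}

/* Build a one-line JSON event (hypothetical field names; app is a trusted
 * constant and is not escaped). Returns bytes written, 0 if nothing to report. */
int format_debugger_event(char *out, size_t cap, const char *app, long tracer)
{
    if (tracer <= 0) return 0;
    int n = snprintf(out, cap,
        "{\"event\":\"debugger_attached\",\"app\":\"%s\",\"tracer_pid\":%ld}", app, tracer);
    return (n > 0 && (size_t)n < cap) ? n : 0;
}

int main(void)
{
    char event[256];
    if (format_debugger_event(event, sizeof event, "example-app", current_tracer_pid()))
        fprintf(stderr, "%s\n", event); /* stand-in for a syslog/SIEM forwarder */
    return 0;
}
```

A single check like this is easy to bypass on its own, which is why commandment 3 calls for layering it with other guards and repeating it at different points in the application.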

These practices need to become commonplace and part of our general software lifecycles. We need to keep up with the organized criminals, and right now our software is falling woefully behind.