HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

Know Your Enemy – Not just what they are up to…

I've talked about knowing yourself and preparing to actively defend your enterprise; now I want to talk about “knowing” your enemy. When you use the Cyber Kill Chain model, you are analyzing the current activity of your enemy and, broadly, what their next step will likely be. However, this is not “knowing” your enemy. The latest thinking in security operations, HP’s 5G/SOC, talks about acknowledging that we are not dealing with just a technology problem but a human problem. Studying those humans is a valuable use of the defender's time.


Who are these people? Humans are creatures of habit; they can't help but repeat themselves (see, I just did it...). And their probable motivations, observed behaviors and criminal psychology give a very powerful predictor of their “next expected event” as well as the capability and resources they are bringing to the cyber attack.


How you defend your network should be heavily influenced by whom you are defending against. A nation-state that has specialists in each of the kill chain disciplines is very different from a loose group of hacktivists who disapprove of some aspect of your business. In the first instance an over-reaction is warranted, but in the latter, the more you over-respond, the more you lose the public relations battle and add to your problems.


While this is too complex a subject to answer in a blog post (or possibly even to answer at all), we can brainstorm on the types of questions to ask to deepen our understanding of the attacker's peculiarities and resulting tradecraft. The ability to associate details of tradecraft (IOCs) with specific groups or individuals, and to use this for positive attribution as well as to calibrate the most effective response, is the “holy grail” of cyber intelligence.


One great starting point for this type of research is the cyber criminal arrest records from the DOJ and Interpol. Another good source of information is the geographic distribution of these folks. We are all products of our culture and cannot help but leave distinct cultural fingerprints on our work. The American hacktivist, the German hardware hacker, the Ukrainian organized criminal and the Chinese spy are all very distinct from one another (if somewhat stereotyped), and there are traits that are visible in log files for each. They also each have different targeted outcomes that are important for a defender to understand.


Knowing your enemy is an exercise in sociology, psychology and economics, not just technology. For more information on how HP’s enterprise security products can help you know your enterprise to defend your critical information, visit hp.com/go/espservices.

Tags: Defense| HP| security
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.