TBG Security: Information Security Consulting

Who’s in Your Network?

In the wake of undiscovered data breaches and subsequent public exposure, regulatory compliance and security audit standards are becoming ever more important to protecting critical assets.

Despite the increase in the number of data breaches via illicit means, internal controls seem to fail when it comes to the assurance that critical assets remain uncompromised.
According to the Identity Theft Resource Center, a total of 336 breaches have been reported in 2008 alone, putting the overall number 69% greater than at this time last year. This is a concern for security teams, especially given the lack of dedicated resources to combat and reverse this trend.

This is especially important to take into consideration when going through the formal audit process to certify adherence to Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), or the Health Insurance Portability and Accountability Act (HIPAA).

With the significant increase in data exposure, corporations can’t afford to take shortcuts when it comes to information assurance. Otherwise, it is almost certain that one will become a victim of a serious exposure of sensitive information. This paper will explore the several disconnects between established and accepted security audit frameworks and the variable of hidden infections.

The problem as it exists today – hidden threats from within

The variable of hidden and unidentified infections will almost certainly introduce a degree of uncertainty and concern when it comes to the protection of sensitive information and adherence to regulations.

More and more malware seen on the market today is designed to target specific platforms and the users that interact with them. Banker Trojans, for example, are an increasing concern for the financial and e-commerce communities: this malware targets specific payment or banking platforms and deliberately steals credentials, fueling a rise in financial and economic fraud.

According to a recent study, annual revenue loss due to online fraud in 2007 amounted to $3.6 billion, a trend that is expected to continue in 2008 and beyond.
Online fraud and the use of targeted phishing campaigns have evolved in parallel to each other and are expected to continue to steadily increase. Furthermore, these tactics have become very popular amongst the hacker elite and have taken an evolutionary step forward in sophistication and complexity.

What’s more of a concern is when tailored malware is involved in a targeted attack against a corporation’s intellectual property. These threats most often remain under the radar for extended periods of time, going undetected by resident security software until it’s too late. The number one reason these undiscovered or hidden threats exist is the limited distribution and the complexities involved with the attack, which always targets a few key individuals. The result is malcode that researchers never see or analyze, so no signature defense is created.

How TBG Security Can Help

TBG Security provides end-to-end information security solutions. We have a proven track record of helping our customers gain efficiencies through technology support and implementation. Our experienced network of security experts has subject-matter expertise in a broad array of disciplines.

Through our industry expertise and track record with PCI and other compliance requirements for over 15 years, TBG Security acts as a trusted advisor to its clients around the world. We are on hand to guide our clients through their compliance program, to provide often vital advocacy to the compliance organizations and , and to supply any necessary remediation services. Our industry expertise is reflected in these key benefits:

  • The Shortest Path To Compliance. Unlike companies that simply know network security, we understand the requirements for a broad range of compliance regulations. We’ve seen the issues before and have implemented solutions across a broad spectrum of industries and customer profiles. Few other vendors can apply this unique knowledge and expertise to achieve faster, higher integrity project completion.
  • Flexible Solutions. We pride ourselves on our customer-driven approach to solving your organization’s security challenges. TBG does not partner with any security vendors, leaving us with a unique ability in the industry to present truly objective solutions. Our managed solutions are presented as a cost-effective method to reduce overall operational costs, and are provided only as a small piece of the security puzzle. Technology is only part of a comprehensive security program. TBG understands, and every day helps to educate its customers on, the role that people and process play in solving the security puzzle.
  • Commitment To Excellence. Although many vendors offer services to companies seeking compliance and auditing solutions, few providers match TBG’s expertise, intelligence-gathering capabilities, commitment to open standards, or role as trusted advisor. TBG leverages regulatory knowledge, training, and experience; best-of-breed solutions; a global network of proven technology; and its history of stability and trust to deliver solutions that are not only effective, but also make the best use of existing in-house personnel, technology, and processes.