“Sony needs to find the advanced persistent threat or threats that likely are sitting deep in their network. The hacker community is not coming in through the front door -- they aren’t knocking holes in the firewall. It has to be some sort of back door into these networks and companies like Sony need to put some sort of protection mechanisms in place to identify these advanced persistent threats and shut them down,” said Stephen Gates, director of field engineering at Top Layer.
Gates said that specifically, Sony needed to identify compromised machines using some kind of intrusion prevention designed to analyze protocols coming in and out of the network, and subsequently identify the anomalies in order to shut them down.
“Most companies are concerned with what is coming and never look at what is leaving. If they were to look more closely at what was leaving their network, they would find these advanced persistent threats,” he said.
One security expert said that the string of Sony attacks called into question the strength and effectiveness of the Payment Card Industry Data Security Standard, in light of the fact that Sony had been compliant with its mandates.
“One question comes to mind. With all of this data lost, if a PCI compliant corporation can be this easily targeted and compromised, is PCI a good standard to measure security posture?” said Guy Bruneau, SANS Institute security researcher, in a blog post.
Meanwhile, Chester Wisniewski, senior security advisor at Sophos, said in a blog post the attack against Sony Pictures is more of the same for the company, but underscores the need for users to question the security of any organization housing sensitive or personal information and utilize strong passwords.
“The take away for the average Internet users is clear,” Wisniewski said. “Don’t trust that your password is being securely stored and be sure to use a unique password for every Web site to limit your exposure if hacks like these occur.”