Operation Aurora- Don’t Wait to Be Notified By the FBI

Sitting around checking email and I got some marketing spam from my own company, NetWitness. Direct customer notification is not something we are known for, so it kinda surprised me a little. But the email was pretty awesome. It talks about the Operation Aurora attack in which several of the fortune 500 companies were spearphished, had advanced trojans dropped on their systems and then had much of their intellectual property and valuable data siphoned away to China. It happened to Google. Symantec too. Yahoo. Juniper, Rackspace and Northrupp Grumman. And many more.

My company is drawing a clear line in the sand- companies have to stop losing the cyber war. Our email bulletin said:

You have a choice: The NSA or FBI can sit down with your CEO and report your company’s network compromises, or you can be the one telling them that an attack was detected, thwarted, and steps were taken to prevent it from happening again. Which scenario sounds better to you?

It also links back to a recent blog at our networkforensics.com site here which says:

I was helping a fortune 500 customer yesterday determine if they were targeted by Operation Aurora. From everything we know to date, they were not. How do we know this? We looked. In 15 minutes or so, we looked back over the last 6 months of every bit and byte that has left that company, and compared every hostname, IP address, and HTTP URL that have been associated with these attacks. This is the power of full network surveillance, and this is why you MUST be performing real-time continual deep analysis of your network activities.

You can’t be serious about your network protection if you aren’t forensically capturing all traffic and analyzing it for these new types of malware. Firewalls can’t do it. IDSes and IPSes are as effective as anti-virus, which means little to not at all. They only stop what they know about. And you can’t tell them what to stop if you don’t look at what you are allowing in and out of your network.