If you want to stop the NSA and other nation state actors, there's one precept that comes before all others: "If you really want to protect your network, you really have to know your network."
That's the advice of Rob Joyce, and he should know. Joyce is the National Security Agency's Tailored Access Operations head. In other words, the United State's Hacker in Chief, and earlier this year he provided a rare look at how to foil his team, or at least make their job a little more difficult.
The talk is now online, and offers a great overview about how to think about your network and enterprise security, particularly when facing attackers with a large budget and plenty of time on their hands.
Joyce breaks attacks down into a number of phases:
- Initial Exploitation
- Establish Persistence
- Install Tools
- Move Laterally
- Collect Exfil and Exploit
Today, you need multi-layered defenses that are prepared for not if, but when, key areas are penetrated. Watch Joyce's entire talk above, and let me know what you think in the comments.