Three Things We Can Learn from The OPM Compromise
By now, you’ve undoubtedly heard about the breach of the Office of Personnel Management. This is close to my heart because they probably know more about me than my parents. The same applies to most of the Percipient team.
There are three things we all can learn from the breach of OPM.
1. Personal information is a target.
This is the third (known) compromise of personal information about people with US security clearances (see the USIS and KeyPoint compromises). It’s easy to see that personal information is a target and the perpetrator is going to find any way they can to access it.
Your approach to security needs to start with understanding your adversaries' goals. For many, the target is sensitive information.
2. The adversary got in and stayed in.
This is a continuing trend. According to Verizon, the average time an organization is compromised is measured in months. We don’t know how long this adversary had access, but evidence leads us to believe it will be measured in months.
We feel that our approach of DEFEND/DISCOVER/RESPOND allows you to focus your security operations on discovering this type of long-running access. STRONGARM helps you automate the process of ingesting indicators, discovering compromise, and providing the information needed to respond effectively.
3. Focus on the knowns.
According to ThreatConnect, indicators for this were known as early as February 2015. Maybe we should start focusing our effort on indicators of compromise. We’ve seen this work by building a threat intelligence program that consumes indicators of compromise, applies them to your network, then uses additional indicators found during incident response to improve security operations and incident response. This is what we believe all organizations should do.
This is why we are building STRONGARM. STRONGARM takes action on these indicators to DEFEND your business and people, DISCOVER adversary accesses, and offer you insight to RESPOND more effectively.
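The indicator loop described under point 3, as an added example that is not STRONGARM code or anything from the original post: it applies a feed to the whole DNS log history rather than only to new events, reports how long each hit has been going on, and feeds a response-time pivot back into the feed. The feed, log rows, host names and the shared-IP pivot are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not from the OPM incident): a feed mapping each
# domain indicator to its publication date, and DNS log rows of
# (day, host, queried domain, resolved IP).
FEED = {"bad-update.example": date(2015, 2, 10)}
DNS_LOG = [
    (date(2014, 11, 3), "ws-17", "bad-update.example", "203.0.113.9"),
    (date(2014, 12, 1), "ws-17", "intranet.example", "198.51.100.4"),
    (date(2015, 1, 20), "ws-17", "cdn-sync.example", "203.0.113.9"),
    (date(2015, 3, 2), "ws-17", "bad-update.example", "203.0.113.9"),
    (date(2015, 3, 5), "srv-02", "cdn-sync.example", "203.0.113.9"),
    (date(2015, 3, 6), "ws-40", "intranet.example", "198.51.100.4"),
]

def retro_hunt(feed, log):
    """Apply indicators to the full log history, not just new events."""
    hits = defaultdict(list)
    for day, host, domain, _ip in log:
        if domain in feed:
            hits[(host, domain)].append(day)
    findings = []
    for (host, domain), days in sorted(hits.items()):
        first, last = min(days), max(days)
        findings.append({
            "host": host, "indicator": domain,
            "first_seen": first, "last_seen": last,
            "dwell_days": (last - first).days,
            # Positive: activity began before the indicator was published.
            "days_before_publication": (feed[domain] - first).days,
        })
    return findings

def derive_indicators(feed, log):
    """Response pivot: other domains resolving to an IP a known indicator used."""
    bad_ips = {ip for _d, _h, domain, ip in log if domain in feed}
    return sorted({domain for _d, _h, domain, ip in log
                   if ip in bad_ips and domain not in feed})

def run_loop(feed, log):
    """One pass of consume -> apply -> feed response findings back in."""
    first_pass = retro_hunt(feed, log)
    today = max(day for day, *_ in log)
    enriched = {**feed, **{d: today for d in derive_indicators(feed, log)}}
    return first_pass, retro_hunt(enriched, log)
```

On the sample data the first pass finds only `ws-17`; the second pass, after the pivot adds `cdn-sync.example`, also surfaces `srv-02`.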
Are you concerned about these types of compromises? Let us help you DEFEND, DISCOVER and RESPOND to adversaries targeting you.