# Cybersecurity: A Fight on Two Fronts

By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks"), Aug 30, 2011, 6 minutes

Tags: [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [circumvention](https://www.paloaltonetworks.com/blog/tag/circumvent-security/?ts=markdown), [threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention/?ts=markdown)

While talking with a few federal security analysts at the recent GFIRST Conference, I was reminded of just how challenging the job of information security really is at the government level today. Most anyone who follows security knows that state and federal agencies have been repeatedly targeted in the recent rash of network breaches.
However, the thing that really stands out to me is that these agencies are in actuality engaged in a battle on at least two fronts -- each with unique adversaries who use very different techniques and have very different goals. On the one hand you have decentralized, opportunistic attacks driven by political motivations, such as the hacking group Anonymous, and on the other you have very well organized and targeted attacks supported by nation-states and organized crime. Both of these classes of threat are very real, but they take very different approaches to breaching the network. Let's take a look at both of these scenarios in turn.

Anonymous and the many groups similar to them are, at their heart, politically motivated and as such are more than happy to have their battles in public. As a case in point, the recent AntiSec campaign has seemingly deviated away from whistle-blowing activities to simply attempting to embarrass the government by publishing email exchanges, login credentials, internal documents, and personal information of government employees and actively serving personnel. The targets of the attacks have been equally opportunistic, spanning federal, state and local government, and all levels of law enforcement and the U.S. military.

In terms of technique, many of the breaches have been relatively straightforward, relying on SQL injection and targeting known vulnerabilities in exposed websites and resources. The challenge for this type of attack is not the innovation of the attacker per se, but rather the enormity of the attack surface. The next-generation firewall can help reduce the attack surface and enforce policies based on application and user that can significantly reduce the exposure.

* **Reduce the Attack Surface** -- Agencies need to limit the applications and users that have access to databases and other servers. There is no need for an unknown user to be talking to a database server, for example. Simple policies like this can easily reduce the opportunities for an external attacker.
* **Cover the Basics, Universally** -- The reliance on known vulnerabilities and techniques means that traditional vulnerability audits and intrusion prevention are a must. However, these must be consistently enforced everywhere, even when users travel off-site.
* **Strong Segmentation and User-Based Controls** -- Limit the scope of an exposure and detect user roles attempting to access restricted information.
* **Control Applications That Can Transfer Data** -- Once a system is compromised, the attackers may still have the problem of getting the information out of the network. By monitoring and controlling applications that can transfer files, security teams can prevent restricted data from leaving secure zones of the network.
* **Prevent the Use of Tor, Encrypted Tunnels, P2P and Proxies** -- Heavily used by Anons both to preserve their anonymity and to hide the destination of exfiltrated data.

While keeping up with Anonymous-style attacks could be a full-time job on its own, the government is also engaged with a very different type of adversary. In this case the key operators are nation-states and organized crime, who are far more targeted, organized and stealthy in their approach. These attacks represent even more risk simply due to the strategic nature of the information being targeted.

Targeted attacks typically begin with a spear-phishing campaign focusing on carefully selected and researched individuals. The targeted user is compromised with malware (often by a drive-by-download), and the infected machine can then be used to expand the operation deeper into the network and into more secure areas. These attacks have all the hallmarks of today's most sophisticated attacks, such as customized malware, advanced command and control infrastructures, and heavy reliance on evasion techniques that allow the attack to hide from traditional security solutions.
(You can learn more about the lifecycle of these attacks in our recent Threat Review [here](http://www.paloaltonetworks.com/events/threat-review/ep5/index.php "here").) For these attacks, full visibility and control of traffic at the application level is an absolute prerequisite. Targeted attacks excel at circumventing security controls throughout the lifecycle of the attack, and security staff must regain control in each of these steps:

* **Detect and block drive-by-downloads** -- These attacks deliver malware to a target simply by luring the user to an infected webpage. This has the advantage of delivering the malware in real time to a machine that has been compromised by the website.
* **Control applications known to deliver malware** -- Obviously not all applications are created equal, and hackers have their own list of favorites based on their ability to evade security and transfer important information. Palo Alto Networks makes it easy to target these applications by policy by creating application filters.
* **Control All Traffic on All Ports** -- Advanced malware is quite prone to hiding command and control traffic over non-standard ports to avoid inspection. As a practical example, the firewall should recognize and prevent malware that is attempting to send IRC traffic over a non-standard port.
* **Detect command and control traffic** -- This is the life-blood of an advanced attack, enabling the attackers to finely control an ongoing attack.
* **Detect and block the use of unapproved proxies or unapproved encryption** -- Again, keeping an attack hidden is of paramount importance in targeted attacks, and proprietary encryption, SSL, proxies and reverse proxies are standard tools of the trade.
* **Search for anomalous behavior using the Behavioral Botnet Report** -- The Botnet Report exposes and correlates a variety of behaviors that indicate the presence of a user who is infected with advanced malware.
While these are hopefully helpful examples, the common thread across all of them is the need to have full visibility across all types of applications and users. Attackers of all types thrive on their ability to find and exploit our assumptions, whether it's an evasive botnet hiding traffic on a non-standard port, or simply a user who is unprotected by IPS when outside the office. The real key is the need for full, consistent visibility and control of all our traffic.