
The Exploitation Game

Editorial Type: Industry Focus     Date: 11-2015    Views: 4613      

What steps can be taken to detect and block exploits as soon as they attempt to use software vulnerabilities? And how can businesses get a clear understanding of the behaviour of legitimate software components?

It is very hard to comprehend the large number of processes churning out massive amounts of data every single day. This data is essential to the success of a business, "but it can potentially be very damaging, if it falls into the wrong hands and, as such, needs to be protected", says Sergio Galindo, general manager at GFI Software. "There exist different ways in which cybercriminals will try to get hold of your information for personal gain and one of the most popular ways is through the use of malware."

So how can organisations protect themselves against such exploits? "The first line of defence," argues Galindo, "is a solid patch management strategy. Software vendors constantly identify and fix exploits. The sooner an organisation can deploy these fixes, the sooner it will be protected against attacks these patches address. A second line of defence is running periodic vulnerability assessments. Not all issues are fixed in a timely manner - mainly because, before deploying a patch, it needs to go through extensive testing - but being aware of the issue can allow you to mitigate and even potentially secure a vulnerability from being exploited until this is fixed by the vendor."

But exploit prevention goes deeper than patch management and vulnerability assessments. The two techniques tackle known issues, but what about those issues that haven't made the headlines yet? The ones that aren't yet known even by the software vendor.

"If an organisation is running bespoke software developed in-house, there will not be any public exploit reports, so vulnerability assessments might give a clean bill of health, even when this might not be the case," he cautions. "To mitigate this issue, exposed applications are passed through a penetration testing process. Even when buying commercial products, it is sensible to have applications go through the same process. Just because a piece of software is widely used, it doesn't mean potential issues have already been discovered."

Finally, he says, it is wise to remember security is more of a process, rather than a one-time solution. "The best approach is to implement different layers of security. That way, if something does get through your first line of defence, in this case your exploit prevention technology, controls are in place to deal with any malware that may have been deployed. Anti-virus solutions, network behaviour analysis and log monitoring are just a few of the options available to layer your security. If system access is gained, you will be in a position to quickly detect it and mitigate the damage done in a timely manner."

ABSOLUTE MUST
Preventing the exploitation of software vulnerabilities is extremely desirable, of course, but their detection is an absolute must for organisations and their security operations team, states Matt Walmsley, EMEA marketing director, Vectra Networks.

"When a breach occurs, time is a big expense when it comes to detecting the cyber threats and malware that seek to take advantage of software vulnerabilities, poorly configured systems and unpatched platforms. The proliferation of new malware variants makes it impossible to detect and prevent zero-day threats in real time. Firewalls and IPSs generally perform well in blocking known threats, whilst sandboxing solutions take at least 30 minutes to analyse a file and deliver a signature for those new threats that they are able to identify - and by then threats will have spread to many more endpoints across the network.

"No perimeter defence is foolproof, as they represent a singular endeavour to block the bad actor's initial entry attempt," Walmsley adds. "User and device mobility also mean that an unsuspecting user can often physically walk in a threat on their device into the organisation and unwittingly introduce the threat directly into the network."

In 2014, hacker penetrations went undetected in networks for an average of 205 days. "This is the time gap between when preventing the cyber attack failed and the clean-up work started. What organisations need are tools that address this gap by identifying the activities of the attacker inside a network before a data breach occurs. Such advanced attacks are associated with the large data loss or significant service outage that makes the news increasingly frequently. They're slower to build, but devastating in impact."
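Both Galindo's "network behaviour analysis and log monitoring" layer and Walmsley's call for tools that spot an attacker's activity inside the network come down to looking for behaviour that prevention controls never see. The script below is an added example, not code from the article, from GFI Software or from Vectra Networks: it runs two simple behavioural checks over authentication and outbound-connection records, flagging one account that fans out to many internal hosts within a short window (lateral movement) and one host that calls the same external address at near-constant intervals (beaconing). All log lines are constructed sample data and the thresholds are assumptions chosen for illustration.

```python
"""
Two post-exploitation behavioural detections over sample log records.
Added example; the log lines, hostnames, addresses and thresholds below are
constructed for illustration, not taken from any real environment.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed authentication log: timestamp, user, source host, destination host.
# "svc-backup" from ws-42 touches eight hosts in about a minute; the others are normal.
AUTH_LOG = """\
2015-11-03T09:00:12 alice ws-17 fs-01
2015-11-03T09:20:05 alice ws-17 mail-01
2015-11-03T11:02:44 alice ws-17 fs-01
2015-11-03T09:05:30 bob ws-03 fs-01
2015-11-03T10:15:00 bob ws-03 print-01
2015-11-03T13:00:01 svc-backup ws-42 fs-01
2015-11-03T13:00:09 svc-backup ws-42 fs-02
2015-11-03T13:00:17 svc-backup ws-42 db-01
2015-11-03T13:00:26 svc-backup ws-42 db-02
2015-11-03T13:00:34 svc-backup ws-42 hr-01
2015-11-03T13:00:41 svc-backup ws-42 mail-01
2015-11-03T13:00:50 svc-backup ws-42 dc-01
2015-11-03T13:01:03 svc-backup ws-42 ws-07
"""

# Constructed outbound-connection log: timestamp, source host, destination, port.
# ws-42 contacts 203.0.113.9 roughly every 60 seconds; ws-17's traffic is irregular.
CONN_LOG = """\
2015-11-03T13:10:00 ws-42 203.0.113.9 443
2015-11-03T13:11:01 ws-42 203.0.113.9 443
2015-11-03T13:11:59 ws-42 203.0.113.9 443
2015-11-03T13:13:02 ws-42 203.0.113.9 443
2015-11-03T13:14:00 ws-42 203.0.113.9 443
2015-11-03T13:15:01 ws-42 203.0.113.9 443
2015-11-03T09:00:05 ws-17 198.51.100.20 443
2015-11-03T09:00:10 ws-17 198.51.100.20 443
2015-11-03T09:05:10 ws-17 198.51.100.20 443
2015-11-03T09:05:27 ws-17 198.51.100.20 443
2015-11-03T09:25:27 ws-17 198.51.100.20 443
"""


def parse(log, fields):
    """Split whitespace-separated lines into dicts; the first field is an ISO timestamp."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        rec = dict(zip(fields, parts))
        rec["ts"] = datetime.fromisoformat(parts[0])
        records.append(rec)
    return records


def lateral_movement(records, window_s=300, min_hosts=5):
    """Flag (user, src) pairs that reach at least min_hosts distinct destinations
    inside any window_s-second sliding window. Returns {actor: max distinct hosts}."""
    by_actor = defaultdict(list)
    for r in records:
        by_actor[(r["user"], r["src"])].append(r)
    alerts = {}
    for actor, events in by_actor.items():
        events.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(events)):
            # Advance the window start until the window fits within window_s seconds.
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > window_s:
                start += 1
            hosts = {e["dst"] for e in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[actor] = max(len(hosts), alerts.get(actor, 0))
    return alerts


def beacons(records, min_events=5, max_cv=0.1):
    """Flag (src, dst) pairs whose gaps between connections are nearly constant:
    coefficient of variation (stdev / mean) below max_cv over at least min_events.
    Returns {pair: mean interval in seconds}."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append(r["ts"])
    found = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m < max_cv:
            found[pair] = round(m, 1)
    return found


def run():
    """Run both detections over the constructed logs."""
    auth = parse(AUTH_LOG, ["time", "user", "src", "dst"])
    conns = parse(CONN_LOG, ["time", "src", "dst", "port"])
    return lateral_movement(auth), beacons(conns)


if __name__ == "__main__":
    fanout, beaconing = run()
    for (user, src), n in fanout.items():
        print(f"lateral movement: {user}@{src} reached {n} hosts within 5 minutes")
    for (src, dst), interval in beaconing.items():
        print(f"beacon: {src} -> {dst} every ~{interval}s")
```

Neither check needs a signature for the malware involved, which is the point Walmsley makes about the gap between failed prevention and clean-up: a service account that suddenly authenticates to eight servers in a minute, or a workstation that phones the same address on a clockwork schedule, is visible from ordinary logs long before a sandbox verdict or a vendor patch arrives. In a real deployment the thresholds would be tuned per environment and the windowed fan-out check would exclude known scanners and management hosts, which otherwise trigger it constantly.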
