Hand-to-hand combat

Editorial Type: Industry Focus     Date: 07-2015    Views: 4565      














How concerned should businesses in the UK be about cyber assaults – are the attackers gaining the upper hand? And how do they best protect themselves from malware?

One of the great ironies in today's Internet-powered organisations is that the most strategically important business application is also the most insecure. Of course, says Franklyn Jones, chief marketing officer, Spikes Security, we're talking about web browsers: what he describes as an inherently high-risk application. "Think about this: it is the only application allowed to download fully unknown, untrusted code inside your secure network. Even worse, all commercial browsers have a massive code base - which means a massive attack surface loaded with vulnerabilities that can be exploited through targeted malware attacks.

"We see evidence of this every year at the Pwn2Own event, sponsored by HP. If you're not familiar with the event, white hat hacking teams are invited to attend and compete to see if they can break out of the latest releases of all major browsers. At the most recent Pwn2Own event in early 2015, the big winner was a 19-year-old from South Korea, who successfully exploited Chrome in less than two minutes! In fact, all major browsers suffered the same fate. None of them was secure."

IT security teams typically try to compensate for browser insecurity with a multilayer, defence-in-depth security architecture consisting of firewalls, secure web gateways, IPS, content analysis engines, AV, and more. "The general idea is that, if the first line of defence does not detect and block the threat, then hopefully the next layer will," comments Jones. "But the headlines we see each on the latest successful cyber attack suggest that legacy, detection-based technologies are becoming increasingly ineffective. The Ponemon report revealed that IT organisations are becoming desperate to solve this malware problem, which is why many IT organisations are now considering next-generation approaches, such as isolation technology, to prevent attacks before they start.

"As you consider strategies to protect your own organisation, it's important to understand that, while cybercriminals only have to succeed once, your success requires nothing less than 100% protection. We will lose this battle, unless we're willing to think differently about network security."

LARGE-SCALE DESTRUCTION
It is now commonly agreed that, in today's world, the question is not whether you will be attacked, but when - or even that you have been attacked already, but just don't know it yet. It is a situation all too familiar to Grayson Milbourne, security intelligence director at Webroot.

"Large-scale destructive cyberattacks began over a decade ago, but they have become much more frequent in recent times. Throughout both the UK and the US, we have seen many attacks on high-profile organisations, using a variety of methods." The US has been the biggest target, with many more attacks taking place compared to other countries.

"This increased risk has resulted in security products becoming more aware of the environments they are protecting," Milbourne adds. "The battle between cybercriminals and security vendors is a constant game of whack-a-mole, where advancements are constantly being made on both sides. Unfortunately, attackers have the upper hand, because they have the luxury of taking all the time they need to plan out an attack, while those on defence have to be ready at all times. As a result, security products can no longer just block threats; they need to be able to rapidly identify when an attack occurs and how. They also have to be able to detect any threats that enter the network and learn to block these, or any similar, in the future."

To stay safe, security technology can go a long way in preventing an attack. "The challenge is in properly managing your security infrastructure and ensuring employees are also trained to be internet security aware. UK businesses should be concerned about cyberattacks, because most attackers are looking to gain financially - and the UK is one of the wealthiest nations. As we have seen over the past year, those with businesses based online or handling large amounts of sensitive data are at particular risk, but every business is a potential target."

MOVING TARGET
"Malware is constantly changing and is therefore a moving target," states Fraser Kyne, principal systems engineer, Bromium. "Anything highly targeted has the potential to use unknown or 'zero-day' attacks where the vulnerabilities are new and may be undetectable. Any tools of this nature are also very prone to false positives: where legitimate operations are flagged as potentially malicious. This not only wastes time and money during investigation, it can also lead to 'false-alarm-fatigue' where security professionals are so overwhelmed with data that they miss the needle in the haystack."

However, the real issues arise in terms of how quickly and safely this malware analysis can be done, adds Kyne. "You're talking about getting infected with a disease, in order to understand how it hurts you. This is the equivalent of waking a patient on their death bed to explain to them why they are dying… the damage has been done. They have your data or are now on your network. They may not want or need to get in again and you may not know they are there until it's way too late."

Technology like microvirtualisation enables a different approach, he argues, whereby attacks are mitigated where they actually run - on the endpoints themselves - while also providing a safer environment in which to detonate malware for analysis. "You're now talking about analysing a disease in a petri dish, not in a real patient.

"Getting tangible threat intelligence from real users and real attacks, while proactively protecting against those attacks, is the logical way forwards."


