The threats lurking in cyberspace, particularly in terms of data security, are numerous. Scary, too, especially for companies that haven't recently updated their approaches to security. Solution providers can provide a lifeline to these potential customers, says Jessica Couto, director of business development for Bit9. Here are some tips to get the ball rolling.—Jennifer Bosavage, editor
For decades, the security industry has been chasing an infinite list of malicious software and creating a blacklist to prevent them from running. That reactive approach is no longer effective, as evidenced by the volume of high-profile data breaches still taking place. Today, enterprises are faced with exponential growth in IP theft, advanced persistent threats (APTs) and other sophisticated malware. Solution providers seeking new technologies for their portfolios that overcome the limitations of legacy blacklisting solutions have a great opportunity to help their customers avoid data loss.
Here are five topical themes about today’s threat landscape, and a new approach, that solution providers can use for a consultative discussion with their customers about protecting high-value data assets from today’s advanced threats.
1. Educate on what motivates the “bad guys.”
The actors (“the bad guys”) in cyberspace whom we need to worry about today are not the hobbyists who write viruses for sport. Rather, we should be highly aware of criminal enterprises and state-sponsored cyber espionage actively stealing data. Criminals are after data that can be monetized and often employ fraudulent emails known as spear phishing, which dupe users into clicking links that infect their machines, as a means to steal data, often including personally identifiable information (PII). Worse yet, state-sponsored attacks are well-engineered malware known as advanced persistent threats (APTs), designed to infiltrate a corporate network to gain access to and exfiltrate intellectual property including designs, source code, and more.
2. Explain why yesterday’s anti-virus is ineffective against most of today’s threats.
Unfortunately, bad has gotten good. That is, the bad actors discussed in point #1 are developing sophisticated malware that is increasingly difficult to detect. Those never-seen-before, micro-distribution viruses are chameleons, constantly changing so they go undetected. Traditional anti-virus of yesteryear uses a static, signature-based approach for the detection of macro-distribution viruses that is simply ineffective against modern malware. The bad guys know this and can therefore easily bypass traditional anti-virus defenses.
3. Prescribe a defense-in-depth, layered security model.
While there is a set of “next gen” security solutions that are much more effective than anti-virus software, there is no single silver bullet. And the growth of cloud-based applications accessed from a diverse set of mobile devices is dissolving the network perimeter. As a result, defense in depth, in the form of a layered solution, is required to protect the corporate network as well as mobile users. An advanced threat protection solution comprises contemporary technologies for endpoints, servers, and the network that were designed with a security model able to detect and prevent modern advanced threats.
4. Educate on how a trust-based security model prevents malware unknown to anti-virus.
As noted above, chasing the increasingly sophisticated nature of malware is an infinite loop. We need a new model. Instead of trying to detect bad, you should only allow good, by treating your corporate network as you would your home: only let in those you trust. A trust-based security model allows customers to establish a baseline of what is trusted in their environment, from which they can detect outliers and so prevent targeted attacks from stealing high-value data. If it is not known good, do not allow it to run.
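As an added illustration (not code from the article or from Bit9's product), here is a minimal version of the trust-based model in point 4: a baseline of known-good executable hashes is taken once, and every later execution attempt is allowed only if it matches that baseline; anything else is denied and reported as an outlier, distinguishing a tampered baselined binary from a never-seen executable. File paths, file contents and the event list are constructed sample data.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class TrustPolicy:
    """Whitelist baseline: hashes trusted to run, and the path each was seen at."""
    trusted_hashes: set = field(default_factory=set)
    baselined_paths: dict = field(default_factory=dict)

    @classmethod
    def from_baseline(cls, files: dict) -> "TrustPolicy":
        # Snapshot of known-good files (path -> bytes); in production this comes
        # from a clean gold image, here it is constructed in memory.
        policy = cls()
        for path, content in files.items():
            digest = hashlib.sha256(content).hexdigest()
            policy.trusted_hashes.add(digest)
            policy.baselined_paths[path] = digest
        return policy

    def evaluate(self, path: str, content: bytes) -> tuple:
        """Default-deny verdict for an execution attempt: (verdict, reason)."""
        digest = hashlib.sha256(content).hexdigest()
        if digest in self.trusted_hashes:
            return ("allow", "hash matches trusted baseline")
        if path in self.baselined_paths:
            # Same path, different bytes: a trusted binary was modified or
            # replaced after baselining, the untrusted change to look for.
            return ("deny", "untrusted change to baselined binary")
        return ("deny", "unknown executable, not in baseline")

# Constructed sample data standing in for real executables on disk.
GOLD_IMAGE = {
    "/usr/sbin/sshd": b"\x7fELF sshd build 9.6",
    "/usr/bin/python3": b"\x7fELF python 3.12",
}
EXEC_EVENTS = [
    ("/usr/sbin/sshd", b"\x7fELF sshd build 9.6"),            # unchanged
    ("/usr/sbin/sshd", b"\x7fELF sshd build 9.6 + implant"),  # tampered
    ("/tmp/.cache/updater", b"\x7fELF dropper"),              # never seen
]

def audit(policy: TrustPolicy, events: list) -> list:
    """Return [(path, verdict, reason), ...] for each execution event."""
    return [(path, *policy.evaluate(path, content)) for path, content in events]

if __name__ == "__main__":
    for row in audit(TrustPolicy.from_baseline(GOLD_IMAGE), EXEC_EVENTS):
        print(" | ".join(row))
```

Because the decision is keyed on the content hash rather than the path, a trusted binary copied elsewhere still runs, while a trusted path whose bytes changed does not.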
5. Start with the highest value target, your servers.
Most of these advanced, targeted attacks exploit the human vulnerability as their entry point to a corporate network. But the endpoint is not the ultimate destination of an advanced threat. APTs move laterally to servers, which are gateways to intellectual property stored on backend storage devices. Of the servers, domain controllers are often the primary target since they hold the crown jewels: access credentials to servers, systems, applications, and data repositories. These servers are often left unprotected on the false premise that anti-virus on the endpoint and network defenses are sufficient. The opposite is true, given the ability of advanced threats to slice through those defenses and make their way onto servers. As such, servers, especially domain controllers, should be the first set of assets protected with a trust-based application control and whitelisting solution.
In summary, the contemporary threat landscape represents an appropriate opportunity for solution providers, as their customers’ trusted advisors, to educate on why yesterday’s security technologies are ineffective against today’s evolved threats. With that reality explained, solution providers can then offer a solution to protect their customers’ intellectual property with a contemporary approach, one based on trust, to detect and prevent the untrusted change that an APT introduces.