Advanced Threat Scare Tactics Don't Sell, Say Solution Providers


Advanced threats (custom malware designed to defeat antivirus, legacy firewalls and other traditional security measures) are a serious concern, but solution providers tell CRN that some businesses don’t recognize that and often balk when told of the additional costs associated with so-called advanced threat detection software and appliances.

Virtual sandboxes are designed to detect new strains of malware and zero-day exploits that target previously unknown vulnerabilities, but they also result in the need for skilled security professionals to monitor logs for suspicious activity and respond to alerts to identify the risk associated with a detected threat. The increased activity has prompted Palo Alto Networks CEO Mark McLaughlin to call for new ways to reduce the burden on IT teams. In an interview with CRN at the 2014 Palo Alto Networks Ignite user conference in Las Vegas, McLaughlin said the solution to the problem may be a combination of more automation and better response processes.

"It's increasingly common to see companies struggle with response," McLaughlin said. "Increased vigilance is one thing, but having the ability to go in and automate the process of isolation and removal might reduce some overhead."

Solution providers say their clients desire less complexity and often turn off components that have the potential to disrupt end users. One of the most common ways for attackers to defeat a security appliance is through misconfiguration issues introduced by complexity.

But small and midsize businesses are not immune to attacks, experts say. The complexity issue is only going to be compounded by the hybrid environments being adopted by some businesses, said Gordon Martin, president of Tulsa, Okla.-based PeakUpTime, an early Palo Alto Networks partner.

Palo Alto Networks and other network security vendors are adding capabilities to address the increasing visibility, control and other security requirements that businesses have as they create hybrid cloud environments, Martin said. The company has been able to maintain its forward momentum without growing too complex as it adds capabilities. While the focus is on advanced threat detection, clients desire strong security and simplicity, Martin said.

"Most clients don't really know where the next threat is coming from," Martin said. "You can't ignore the fact that you have to empower the customer to be able to get reporting, and manage their environment in such a way that they feel confident they have everything under control."
