malware cannot afford to suffer another Anthem or Target style breach... Information technology and information security personnel are inundated by the number of dashboards, products and security suites necessary to minimally protect vital infrastructure. In critical infrastructure sectors especially, layers of incompatible technologies are 'Frankensteined' together in a haphazard attempt at nominally meeting security standards. Any unused technology in every layer exponentially increases cybersecurity noise and could result in exploitable security vulnerabilities. Meanwhile, C-level executives suffer from security solution fatigue as the result of incessant product evaluations, investments, and failures," he points out.

So, what is the way forward, in his view? "Critical infrastructure cybersecurity must rely on predictive, preventive and protective solutions that detect and mitigate threats pre-execution. Organisations need machine learning AI endpoint security solutions capable of preempting and mitigating known and unknown malicious files and code based on characteristics, rather than signatures or behaviour, and that are capable of scaling to protect vital systems."*
CYBERCRIME GLUT

Combatting malware is a challenge all too familiar to the vendor community, who see its effects constantly. As Matt Walker, VP Northern Europe at Ivanti powered by HEAT Software, points out: "With new zero day vulnerabilities being discovered each week, and around 18 million new malware samples being registered in Q3 2016 alone, it's no wonder that last year saw cybercrime levels overtaking traditional crime in the UK. The reality is that individuals and organisations of all sizes must now build their plans around when, not if, they are attacked and, in isolation, preventive strategies such as AV and firewalls simply can't keep up."

The most effective defence, he argues, begins with intelligent whitelisting, combined with regular and consistent patch management, as well as application control. "In other words, a layered approach to security is key and can eliminate 99% of the IT security risks that organisations face."
PROTECTION RETHINK

Customers need a new level of protection, says Edouard Viot, product manager, Stormshield - a level that allows their security systems to analyse in real time what happens in the memory, in order to react to uncommon behaviour. "Instead of looking for a pattern match to a signature of an old virus within a file against that stored in a database, these new security systems evaluate in real-time for unusual behaviour in memory. Most modern malware adopts several methods to bypass intrusion prevention systems and antivirus analysis engines - and the first thing that they do once loaded in memory is to decrypt and reassemble part of the malicious code, in order to infect the machine."

The key to tackling this issue is to use software that has been designed to detect the malicious process that an executable file is carrying out in memory, in order to understand that something really malicious is ongoing on the system and can be blocked before it can cause harm. "It should also monitor in real-time the unusual behaviour of memory blocks, stopping infection on the endpoint even if it bypassed another antivirus on the way in," says Viot.

The other key is to detect when abnormal activity is highlighted on the network, so as to react as fast as possible and to proactively distribute protection to other hosts once malware has been identified on one. In this case, MLCS [Multi-Layer Collaborative Security] can help. "When malicious activity is detected on the host, the software should be able to set up the proper rules to react at a network level."
* For the full report, see: http://bit.ly/2k8aKuf.

Matt Walker, Ivanti powered by HEAT Software: a layered approach to security is key.

Edouard Viot, Stormshield: customers need a new level of protection.

www.computingsecurity.co.uk @CSMagAndAwards March/April 2017 computing security 15