CS1703

malware
cannot afford to suffer another Anthem or
Target style breach... Information
technology and information security
personnel are inundated by the number of
dashboards, products and security suites
necessary to minimally protect vital
infrastructure. In critical infrastructure
sectors especially, layers of incompatible
technologies are 'Frankensteined' together
in a haphazard attempt at nominally
meeting security standards. Any unused
technology in every layer exponentially
increases cybersecurity noise and could
result in exploitable security vulnerabilities.
Meanwhile, C-level executives suffer from
security solution fatigue as the result of
incessant product evaluations, investments,
and failures," he points out.
So, what is the way forward, in his view?
"Critical infrastructure cybersecurity must
rely on predictive, preventive and protective
solutions that detect and mitigate threats
pre-execution. Organisations need machine
learning AI endpoint security solutions
capable of preempting and mitigating
known and unknown malicious files and
code based on characteristics, rather than
signatures or behaviour, and that are
capable of scaling to protect vital systems."*
CYBERCRIME GLUT
Combatting malware is a challenge all too
familiar to the vendor community, who see
its effects constantly. As Matt Walker, VP
Northern Europe at Ivanti powered by HEAT
Software, points out: "With new zero day
vulnerabilities being discovered each week,
and around 18 million new malware
samples being registered in Q3 2016 alone,
it's no wonder that last year saw cybercrime
levels overtaking traditional crime in the UK.
The reality is that individuals and
organisations of all sizes must now build
their plans around when, not if, they are
attacked and, in isolation, preventive
strategies such as AV and firewalls simply
can't keep up."
The most effective defence, he argues,
begins with intelligent whitelisting,
combined with regular and consistent patch
management, as well as application control.
"In other words, a layered approach to
security is key and can eliminate 99% of the
IT security risks that organisations face."
PROTECTION RETHINK
Customers need a new level of protection,
says Edouard Viot, product manager,
Stormshield - a level that allows their
security systems to analyse in real time what
happens in the memory, in order to react to
uncommon behaviour. "Instead of looking
for a pattern match to a signature of an old
virus within a file against that stored in a
database, these new security systems
evaluate in real-time for unusual behaviour
in memory. Most modern malware adopts
several methods to bypass intrusion
prevention systems and antivirus analysis
engines - and the first thing that they do
once loaded in memory is to decrypt and
reassemble part of the malicious code, in
order to infect the machine.
The key to tackling this issue is to use
software that has been designed to detect
the malicious process that an executable file
is carrying out in memory, in order to
understand that something really malicious
is ongoing on the system and can be
blocked before it can cause harm. "It should
also monitor in real-time the unusual
behaviour of memory blocks, stopping
infection on the endpoint even if it bypassed
another antivirus on the way in," says Viot.
The other key is to detect when abnormal
activity is highlighted on the network, so as
to react as fast as possible and to
proactively distribute protection to other
hosts once malware has been identified on
one. In this case, MLCS [Multi-Layer
Collaborative Security] can help. "When
malicious activity is detected on the host,
the software should be able to set up the
proper rules to react at a network level."
* For the full report, see:
http://bit.ly/2k8aKuf.
Matt Walker, Ivanti powered by HEAT
Software: a layered approach to security
is key.
Edouard Viot, Stormshield: customers
need a new level of protection.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2017 computing security
15