CS Oct 2021
advanced threat protection

A SHAPE-SHIFTING WORLD

ATTACKERS USE TRUSTED CLOUD SERVICES AND CONSTANTLY CHANGE THEIR TACTICS TO AVOID KNOWN PATTERNS OF BEHAVIOUR. CAN ADVANCED THREAT PROTECTION STILL BE EXPECTED TO KEEP PACE AGAINST SUCH FORCES?

Patrick Wragg, Integrity360: the key to advanced threat protection is layers - ensuring your operating systems and applications are up to date; users are educated; and that you have the latest security solutions in place.

Advanced threat protection (ATP) refers to a category of security solutions that defends against sophisticated malware and hacking-based attacks that target sensitive data. ATP solutions are available as software or as managed services. They differ in approach and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems and a centralised management console to correlate alerts and manage defences.

But how do they operate and perform 'in anger', so to speak, and where might their weaknesses lie? And in a world where threat levels change dramatically and rapidly, where might they need to be adapted to counter emerging challenges?

"Perhaps it's become a cliché, but advanced threat protection requires detection and containment 'beyond the email gateway'," says Mike Fleck, VP marketing at Cyren. "Cybersecurity and industry professionals have been using this term to describe the need for organisations to have a layered security approach with security controls and incident response capabilities to deal with the advanced threats that slip past the email perimeter and arrive in a user's mailbox.

HEART OF THE ORGANISATION

"Email is the most common method of delivering threats - advanced and otherwise - because it is one of the few ways to transport an attack straight to the heart of an organisation, through its people. What's more, the most favoured approach to an email attack is phishing [ie, harvesting login information using spoofed web pages of trusted brands]; once attackers have the ability to remotely log in to a corporate network, they can launch convincing fraud campaigns and surveil the environment to find the most sensitive data to steal or the most business-critical servers to infect with ransomware."

Security controls beyond the gateway have traditionally focused on data loss prevention, sophisticated malware analysis and endpoint security solutions, he points out. "However, advanced email threats still evade detection and containment, largely because attackers use trusted cloud services and constantly change their tactics to avoid known patterns of behaviour. Endpoint security agents can quickly spot a compromised device, but it may be too late. Data loss prevention can detect sensitive data as it leaves the organisation, but only after the initial compromise. There is clearly a gap in advanced threat protection capabilities between the email server and the end-user device. This gap is easy to see when you understand the degree to which enterprises rely on employees to identify advanced threats in their mailboxes."

A better way is to simply add a layer of automated detection and incident response to the mailboxes, Fleck adds. "As enterprises migrate their email servers to cloud offerings like Office 365, it becomes easier to close this gap by using APIs to connect advanced threat protection clouds to email mailbox clouds. This layer of control complements the detection and containment efforts already underway by

14 | computing security October 2021 @CSMagAndAwards www.computingsecurity.co.uk
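The API-connected mailbox layer Fleck describes, as an added illustration that is not code from the article, from Cyren or from any product the piece mentions: detection rules run over messages the gateway has already delivered, and every hit becomes a move-to-quarantine call against the mailbox API, so the control acts between the email server and the end-user device rather than at the perimeter. The tenant domain (`example.com`), the brand list, the trusted cloud host list, the lure phrases and the three-message inbox are all constructed assumptions for this example; the records follow the shape of Microsoft Graph `message` resources, but the code does not call the API.

```python
"""Post-delivery mailbox protection: detection rules run over messages the gateway has
already accepted; each hit becomes a move-to-quarantine call shaped for the mailbox API."""
import re
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumption: the protected tenant's own domain
PROTECTED_BRANDS = {ORG_DOMAIN, "microsoft.com", "dropbox.com"}  # assumption: brands worth impersonating
TRUSTED_CLOUD_HOSTS = ("sharepoint.com", "onedrive.live.com", "docs.google.com", "dropbox.com",
                       "box.com")  # assumption: hosts whose reputation a gateway tends to trust
LURE_PHRASES = ("verify your password", "sign in to view", "account will be suspended",
                "confirm your credentials")  # assumption: credential-harvesting wording
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def normalise_homoglyphs(label):
    # Collapse substitutions used to register look-alike domains ("rn" reads as "m").
    for bad, good in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        label = label.replace(bad, good)
    return label


def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True when a sender domain impersonates a protected brand without being it."""
    if domain in PROTECTED_BRANDS:
        return False
    normalised = normalise_homoglyphs(domain)
    return any(normalised == b or edit_distance(domain, b) <= 1 for b in PROTECTED_BRANDS)


def rule_lookalike_sender(msg):
    if is_lookalike(domain_of(msg["from"]["emailAddress"]["address"])):
        return ("lookalike-sender-domain", "high")


def rule_reply_to_mismatch(msg):
    # Replies silently routed to another domain are a staple of invoice and payroll fraud.
    from_domain = domain_of(msg["from"]["emailAddress"]["address"])
    for recipient in msg.get("replyTo", []):
        if domain_of(recipient["emailAddress"]["address"]) != from_domain:
            return ("reply-to-domain-mismatch", "medium")


def rule_cloud_hosted_credential_lure(msg):
    # A lure parked on a trusted cloud host passes gateway reputation checks; an external
    # sender pairing such a link with credential-harvesting language is still worth pulling.
    if domain_of(msg["from"]["emailAddress"]["address"]) == ORG_DOMAIN:
        return None
    text = (msg.get("subject", "") + " " + msg["body"]["content"]).lower()
    hosts = [urlparse(url).hostname or "" for url in URL_RE.findall(text)]
    on_cloud = any(h == t or h.endswith("." + t) for h in hosts for t in TRUSTED_CLOUD_HOSTS)
    if on_cloud and any(phrase in text for phrase in LURE_PHRASES):
        return ("cloud-hosted-credential-lure", "medium")


RULES = (rule_lookalike_sender, rule_reply_to_mismatch, rule_cloud_hosted_credential_lure)


def scan_message(msg):
    """Return the (rule name, severity) findings for one delivered message, in rule order."""
    return [hit for hit in (rule(msg) for rule in RULES) if hit]


def quarantine_actions(user, messages, quarantine_folder_id="quarantine"):
    """Translate findings into the move calls the response layer would issue to the mailbox
    API (Graph: POST /users/{user}/messages/{id}/move with {"destinationId": ...})."""
    actions = []
    for msg in messages:
        findings = scan_message(msg)
        if findings:
            actions.append({"method": "POST",
                            "url": f"/users/{user}/messages/{msg['id']}/move",
                            "json": {"destinationId": quarantine_folder_id},
                            "reasons": [name for name, _ in findings],
                            "severity": "high" if any(s == "high" for _, s in findings) else "medium"})
    return actions


SAMPLE_INBOX = [  # constructed for this example, not real traffic; Graph message shape
    {"id": "msg-1", "subject": "Q4 budget review", "replyTo": [],
     "from": {"emailAddress": {"name": "Dana Reyes", "address": "dana.reyes@example.com"}},
     "body": {"contentType": "text", "content": "Slides attached, see you at 3."}},
    {"id": "msg-2", "subject": "Unusual sign-in activity", "replyTo": [],
     "from": {"emailAddress": {"name": "Microsoft Account Team", "address": "security@rnicrosoft.com"}},
     "body": {"contentType": "text", "content": "Verify your password at https://login.rnicrosoft.com/ today."}},
    {"id": "msg-3", "subject": "Invoice shared with you",
     "from": {"emailAddress": {"name": "Accounts", "address": "ap@supplier-mail.net"}},
     "replyTo": [{"emailAddress": {"address": "collect@payout-desk.org"}}],
     "body": {"contentType": "text", "content": "Sign in to view: https://contoso-my.sharepoint.com/:b:/g/ap/abc123"}},
]

if __name__ == "__main__":
    for action in quarantine_actions("alice@example.com", SAMPLE_INBOX):
        print(action["severity"], action["url"], action["reasons"])
```

In a deployment the inbox would be read with `GET /users/{id}/mailFolders/inbox/messages` and the actions sent as `POST /users/{id}/messages/{messageId}/move`, which is what lets this layer act after delivery instead of at the gateway. The three rules are deliberately narrow: the homoglyph table and the edit-distance threshold are tuning knobs, and the cloud-host rule exists precisely because a link on SharePoint or Google Docs looks clean to reputation-based filtering, so it needs a second signal (the lure wording) before a message is pulled.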