(By Sue Poremba)
Popular wisdom has long been that no computer is safe without anti-virus (AV) software installed. However, AV isn’t as effective as it used to be.
“The attackers today are creating malware faster than the anti-malware software vendors can produce anti-malware definitions,” said Leonard Jacobs, president/CEO of security company Netsecuris Inc.
But Jacobs indicates there is a much bigger threat to the corporate network.
“I have spoken with many anti-malware software vendors,” Jacobs added, “and most of them agree that their products are becoming less effective due to advanced persistent threats.”
Advanced persistent threats (APTs) work this way: Attackers target a particular firm, looking to gain access to a particular asset. They identify an unknown vulnerability (commonly known as a ‘zero-day’) in software the firm is running and find a way to run code to exploit that vulnerability, earning access to install malware on the system. Once the malware is installed and they can remotely access the malware, they “own” you.
Because of the way threats are evolving, security experts say it is time to think beyond AV and focus on security suites as frontline computer protection.
According to Cameron Camp, security researcher at security company ESET, a security suite should have, at a minimum, an anti-malware component (preferably with an auto-learning feature called heuristics), a configurable firewall to block network threats, and an option to scan media when it is connected to the computer. Other basic options include anti-spyware, anti-spam, intrusion prevention, and Internet content filtering.
“APT protection has almost become a necessity, because absent an auto-learn (heuristic) behavior, the protection capabilities of a security suite will lag until an emerging threat can be studied, categorized and then a solution (signature) sent out to every endpoint,” Camp said.
“A delay of this kind can be catastrophic, protection-wise, and can end in a nasty infection and spread of malware,” he explained. “An auto-learn will look at the behavior and stop a new threat based on how it acts, even before being studied by researchers.”
No matter what elements are included in the corporate security suite, for security to operate properly, executives and security professionals have to understand exactly what it is they are protecting.
“Centralized management is a must,” said Peter Beardmore, senior director of product marketing with Kaspersky Lab. “You can’t secure what you can’t manage. So administrators need to be able to reach out and touch every endpoint (PCs, Macs, smartphones, virtual machines) to report on and maintain security policies.”
For many businesses this is more difficult than it appears at first glance. “Often ‘best-in-breed’ suites are cobbled together by administrators seeking the best-available software for each security function,” Beardmore said. “But that inevitably leads to multiple selection and acquisition projects, multiple trainings, multiple deployments, and multiple screens to monitor, multiple policies to manage.”
To ensure that you have the best security suite for your needs, first evaluate where your business risks are. As Camp’s ESET colleague Aryeh Goretsky stated, “A suite should be configurable enough so that if a particular feature isn’t needed it can be uninstalled or disabled without affecting the rest of the program.”
“Opinion pieces of this sort published on RISE Networks are those of the original authors and do not in any way represent the thoughts, beliefs and ideas of RISE Networks.”