Security attacks? New defenses in 2016 escape compromise.
Article Courtesy of: TechTarget
Worried that attackers may know your infrastructure better than you do? Cyberthreats are learning fast from defenses that detect them. New strategies focus on what happens next.
Arden Peterkin has little faith that antivirus software can be effective against today’s cyberthreats.
In the past, the security architect deployed antivirus software on 80,000 endpoints in a large Georgia school district’s network to prevent security attacks. While the software reported “all clear,” a quick look at the network’s device logs confirmed that infected systems were still communicating with known command-and-control sites.
“The actual management console was showing that everything was great, but when we looked at the logs, they showed that the network was totally infected,” says Peterkin, a security contractor with Reamer & Associates.
Today, Peterkin still uses antivirus technology as a first measure to weed out obvious cyberthreats, but he focuses on other technologies to stop the increasingly sophisticated threats targeting his users. Protecting roughly 25,000 teachers and more than 175,000 students requires proactive management of vulnerabilities, constant monitoring of network events and a focus on guarding any critical data. Peterkin and the other members of the security team use three different agents on most endpoints, manage the network’s defenses with a security information and event management (SIEM) system, and liberally encrypt important data.
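The check that exposed the "all clear" verdict above, cross-referencing network logs against a list of known command-and-control hosts and flagging endpoints the agent console calls clean, is shown here as an added example. It is not code from the article or from the school district's team; the proxy log format, the indicator list, the agent status report and the IP addresses are all constructed for illustration.

```python
"""Cross-check an endpoint agent's "clean" verdict against network logs.

Constructed example: the log lines, the threat-feed indicators and the
agent console report below are made up; the IPs and hostnames are not real.
"""
import re
from collections import defaultdict

# Constructed proxy log: timestamp, client IP, destination host, bytes sent.
PROXY_LOG = """\
2016-01-12T08:00:01 10.20.4.17 updates.example-vendor.com 2048
2016-01-12T08:00:04 10.20.4.17 c2-relay.badexample.net 512
2016-01-12T08:05:04 10.20.4.17 c2-relay.badexample.net 510
2016-01-12T08:10:05 10.20.4.17 c2-relay.badexample.net 515
2016-01-12T08:01:30 10.20.7.92 www.example.org 10240
2016-01-12T08:02:11 10.20.9.3 cdn.example.com 88000
2016-01-12T08:03:47 10.20.9.3 panel.evilexample.org 640
this line is garbage and must be skipped
"""

# Constructed indicator list: domains a threat feed reports as C2 infrastructure.
# A bare parent domain (badexample.net) is meant to cover all of its subdomains.
KNOWN_C2 = {"badexample.net", "panel.evilexample.org"}

# Constructed report from a hypothetical endpoint agent console.
AGENT_STATUS = {"10.20.4.17": "clean", "10.20.7.92": "clean", "10.20.9.3": "clean"}

LINE_RE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+) (\S+) (\d+)$")


def parse_proxy_log(text):
    """Yield (timestamp, client_ip, host) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, host, _ = m.groups()
            yield ts, ip, host.lower()


def matches_indicator(host, indicators):
    """True if the host itself or any parent domain (above the TLD) is an indicator."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in indicators for i in range(len(labels) - 1))


def c2_contacts(log_text, indicators):
    """Map each client IP to the set of C2 hosts it was seen talking to."""
    hits = defaultdict(set)
    for _, ip, host in parse_proxy_log(log_text):
        if matches_indicator(host, indicators):
            hits[ip].add(host)
    return dict(hits)


def console_disagreements(log_text, indicators, agent_status):
    """IPs the agent console marks clean while the network shows C2 traffic from them."""
    hits = c2_contacts(log_text, indicators)
    return sorted(ip for ip in hits if agent_status.get(ip) == "clean")


if __name__ == "__main__":
    hits = c2_contacts(PROXY_LOG, KNOWN_C2)
    for ip in console_disagreements(PROXY_LOG, KNOWN_C2, AGENT_STATUS):
        print(f"{ip}: console says clean, proxy shows traffic to {sorted(hits[ip])}")
```

The parent-domain match matters in practice: feeds often list only the registered domain, and a beaconing implant may rotate subdomains under it. In a real deployment the log would come from the proxy or DNS resolver and the indicator set from the SIEM's threat intelligence feed.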
Yet he is always looking for better ways to catch increasingly advanced security attacks, and he is not alone. As the security community enters 2016, the arms race between attackers and defenders continues. While few companies plan on doing away with endpoint protection in 2016, security professionals stress that other approaches are necessary.
Better hiding places
That’s because adversaries are becoming more skilled not only at avoiding detection by antivirus scanners, but at hiding from the automated analysis systems that security firms rely on to detect malicious programs. The Dyre family of malware, for example, counts the processor cores available to the operating system it is running on to judge whether it is being watched by security analysts. (Analysis systems typically run on virtual machines whose guest operating systems are assigned a single core for performance reasons, so a single core suggests a sandbox rather than a victim’s PC.)
A recent version of the malware used by the DarkHotel cyber-espionage group fingerprints the system it runs on to detect an analysis environment, and goes a step further by keeping its data encrypted in memory.
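The core-count check attributed to Dyre above, written out as an added example together with the defender-side audit it implies: which analysis VM profiles would be fingerprinted, and what a profile needs before the sample will run. This is not Dyre's code and not from the article. It generalizes beyond the single check the text names: the RAM, disk and uptime tests are sibling heuristics of the same family, and all thresholds and VM profiles are assumed values constructed for illustration.

```python
"""Sandbox-fingerprinting heuristics and a defender-side audit of VM profiles.

Constructed example. The core-count test is the one the article attributes
to Dyre; the RAM, disk and uptime tests are assumed sibling heuristics.
Thresholds and the sample VM profiles are made up, not taken from any malware.
"""
import os

# Assumed thresholds a sample might use to decide it is inside an analysis VM.
MIN_CORES = 2        # the Dyre-style check: a single visible core is suspicious
MIN_RAM_MB = 2048    # assumed: small guests are rarely real user machines
MIN_DISK_GB = 60     # assumed: tiny disks are typical of throwaway sandboxes
MIN_UPTIME_MIN = 10  # assumed: a sample that runs seconds after boot is being detonated

# Constructed profiles of three hypothetical analysis VMs.
SANDBOX_PROFILES = {
    "default-1cpu": {"cores": 1, "ram_mb": 1024, "disk_gb": 40, "uptime_min": 2},
    "beefed-up":    {"cores": 4, "ram_mb": 8192, "disk_gb": 250, "uptime_min": 45},
    "2cpu-fresh":   {"cores": 2, "ram_mb": 4096, "disk_gb": 120, "uptime_min": 1},
}


def analysis_indicators(profile):
    """Return the names of every heuristic the given host profile would trip.

    profile keys: cores, ram_mb, disk_gb, uptime_min (all ints).
    """
    hits = []
    if profile["cores"] < MIN_CORES:
        hits.append("single_core")
    if profile["ram_mb"] < MIN_RAM_MB:
        hits.append("low_ram")
    if profile["disk_gb"] < MIN_DISK_GB:
        hits.append("small_disk")
    if profile["uptime_min"] < MIN_UPTIME_MIN:
        hits.append("fresh_boot")
    return hits


def looks_like_analysis_box(profile):
    """The sample's decision: stay dormant if any heuristic fires."""
    return bool(analysis_indicators(profile))


def host_has_single_core():
    """The core-count probe as it would run on the live host (informational only)."""
    return (os.cpu_count() or 1) < MIN_CORES


def audit_sandbox_profiles(profiles):
    """Defender side: which named VM profiles would be fingerprinted, and why."""
    return {name: hits for name, p in profiles.items() if (hits := analysis_indicators(p))}


def harden_profile(profile):
    """Return a copy of the profile raised to the minimums so the sample would run."""
    fixed = dict(profile)
    fixed["cores"] = max(fixed["cores"], MIN_CORES)
    fixed["ram_mb"] = max(fixed["ram_mb"], MIN_RAM_MB)
    fixed["disk_gb"] = max(fixed["disk_gb"], MIN_DISK_GB)
    fixed["uptime_min"] = max(fixed["uptime_min"], MIN_UPTIME_MIN)
    return fixed


if __name__ == "__main__":
    for name, hits in audit_sandbox_profiles(SANDBOX_PROFILES).items():
        print(f"{name}: would be fingerprinted by {hits}; fix -> {harden_profile(SANDBOX_PROFILES[name])}")
    print("this host trips the single-core check:", host_has_single_core())
```

The uptime heuristic is the one a defender most often forgets: giving the guest two cores and more RAM is a one-time configuration change, but a snapshot restored seconds before detonation still reads as a fresh boot unless the snapshot itself was taken after the VM had been running for a while.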
“Unfortunately, threats will continue to evolve,” says Ehud Shamir, chief security officer of endpoint security provider SentinelOne. “Criminals will become much more sophisticated, and nations [intent on espionage] have huge budgets, which will fuel continuous innovation, almost without limit.”
Defenders will have difficulty combating increasingly sophisticated security attacks without the right tools. Security experts and professionals are looking at a handful of other technologies to better secure the network.
“There are many fronts you have to focus on and, unfortunately, we have to excel on every front. But the attacker only has to be successful — or lucky — on a single front,” Peterkin says.
While the landscape of attacks, vulnerabilities and motives is changing, security professionals stress that most companies should not worry about the more advanced attacks until they can deal with the basics. NSS Labs, which monitors security attacks against test networks, estimates that 98% of attacks are criminal or vandalism, and not the advanced espionage that garners the largest headlines.
In its annual Data Breach Investigations Report, Verizon found that seven out of every eight breaches boiled down to one of three basic attacks: physical theft, errors in hosting or delivering data, or compromised credentials and privilege misuse. In fact, almost half of breaches could be stopped if companies implemented two-factor authentication and vulnerability management, according to Jonathan Nguyen-Duy, chief technical officer for Verizon’s security group.
“These are basic things that companies are still failing to do,” he says. “We are still not patching vulnerabilities that we have known about for weeks, months or years. Even when we have perfect information, we are still not using it because we are overwhelmed.”
More technology is not necessarily the answer. Often a new security system results in a massive influx of data, much of it false alarms. Companies should focus on getting out from underneath all the data produced by information technology and alerts created by ostensibly “helpful” security technologies, says Phil Burdette, senior security researcher for the Counter Threat Unit at Dell SecureWorks.
“I think organizations need to prioritize what they are trying to defend against,” he says. “There are lots of threats out there in the world. It is not reasonable that all organizations can check themselves against everyone.”
However, by looking at specific cyberthreat areas, companies will find that newer technologies offer some interesting possibilities.
SIEM systems are key for keeping abreast of the vulnerabilities that cause security attacks in a network and prioritizing the updates of vulnerable software.