Page 41 - CDM Cyber Warnings February 2014

to proactively prevent potential damage. Either way, I recommend reviewing the following questions when deciding
whether to go with a particular next-generation cyber-defense vendor.


1. Is your solution signature based? (If yes – tell him/her to stop wasting your time now.)
2. Is your solution network-based or endpoint-based?
3. Is your solution based on behavioral analysis?
   a. Behavioral:
      i. How do you reduce the possibility of evasion?
      ii. What are your "sensors" and how do you protect them?
   b. Non-behavioral:
      i. What is the core of your approach?
      ii. How do you deal with the complexity of implementing such a solution?
4. Is your solution acting before or after malicious code runs on the endpoint?
5. Is your solution based on sandboxing?
   a. What type of sandbox (network / application; hardware-, kernel- or binary-translation-based virtualization)?
   b. Is it dependent on projects that have been vulnerable in the past (such as QEMU, Xen, …)?
   c. Can an attacker target your sandbox?
6. How does your solution protect from unknown malicious executables?
7. Can your solution protect from exploits (not malicious executables)?
   a. How (prevention, network sandboxing, post-exploitation detection)?
   b. Are you offering a multi-layered defense? (How many points of failure must an attacker pass to escape?)
   c. How do you protect from 0-days?
   d. How do you match the target endpoint's software and configuration?
8. (If relevant) Does the solution protect my users when they travel outside the organization?
9. Does your solution integrate with SIEM?
10. Do you offer some method of attack reproduction in a controlled environment for forensic intelligence gathering?
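Questions 1, 3a and 4 rest on one technical point: a signature describes the bytes a sample is stored as, and those bytes can be changed freely without changing what the sample does. The following is an added example, not code from the article or from any vendor mentioned in it. It builds a toy "runtime" that executes a constructed sample (a script of Windows API names standing in for an executable), a static byte-signature check, and a hook-based behavioral check that judges the sample by the API call sequence it produces when run. The injection pattern, the signature string, the sample and the XOR packer are all constructed for illustration; none of them is a real detection rule.

```python
from typing import Callable

# Constructed pattern for a classic process-injection sequence; an illustration
# of what a behavioral rule looks for, not a vendor's rule.
INJECTION_PATTERN = ("OpenProcess", "VirtualAllocEx",
                     "WriteProcessMemory", "CreateRemoteThread")

# Constructed byte signature of the kind a signature engine would ship.
SIGNATURE = b"CreateRemoteThread"

# Constructed sample: a newline-separated script of API names which the toy
# runtime below "executes". It stands in for a malicious executable.
KNOWN_SAMPLE = (b"OpenProcess\nVirtualAllocEx\n"
                b"WriteProcessMemory\nCreateRemoteThread\n")


def xor_pack(sample: bytes, key: int) -> bytes:
    """Trivial packer: identical behaviour once unpacked, different bytes on disk.
    Layout: b'XOR' marker, one key byte, XOR-encoded body."""
    return b"XOR" + bytes([key]) + bytes(b ^ key for b in sample)


def signature_scan(sample: bytes) -> bool:
    """Static check on the bytes exactly as stored (what question 1 asks about)."""
    return SIGNATURE in sample


def run_sample(sample: bytes, on_call: Callable[[str], None]) -> None:
    """Toy runtime: unpack if packed, then 'execute' each API name in turn.
    on_call is the hook a behavioral sensor places at the API boundary."""
    if sample.startswith(b"XOR"):
        key = sample[3]
        sample = bytes(b ^ key for b in sample[4:])
    for line in sample.decode("ascii").splitlines():
        if line.strip():
            on_call(line.strip())


def contains_in_order(calls: list[str], pattern: tuple[str, ...]) -> bool:
    """True if every element of pattern appears in calls in that order
    (other calls may be interleaved)."""
    remaining = iter(calls)
    return all(any(c == p for c in remaining) for p in pattern)


def behavioral_scan(sample: bytes) -> bool:
    """Run the sample under an API hook and judge it by what it does, not by
    how it is encoded (questions 3 and 4: acting after the code runs)."""
    observed: list[str] = []
    run_sample(sample, observed.append)
    return contains_in_order(observed, INJECTION_PATTERN)


def compare(sample: bytes) -> dict[str, bool]:
    """Verdict of both approaches on one sample."""
    return {"signature": signature_scan(sample),
            "behavioral": behavioral_scan(sample)}


if __name__ == "__main__":
    repacked = xor_pack(KNOWN_SAMPLE, 0x5A)
    print("original:", compare(KNOWN_SAMPLE))   # both detectors fire
    print("repacked:", compare(repacked))       # only the behavioral one fires
```

The repacked copy is the same program to the runtime but a different file to the signature engine, which is why question 1 is a disqualifier. The example also shows the weakness question 3a.i probes: the behavioral verdict depends entirely on the hook in `run_sample` seeing every call, so a sample that can detect or bypass that hook (skip the unpacking, call lower than the hooked layer, or wait out the monitoring window) evades the behavioral sensor just as easily as the packer evaded the signature. How the vendor protects its sensors is therefore the question to press on.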

About The Author
Gal Diskin is the Chief Research Officer at Cyvera. Gal is a veteran security researcher who has presented his work
at leading conferences including Black Hat, DEF CON, HITB, ZeroNights and various other conferences. Gal holds a
GIAC GPEN certification and is also a certified instructor for the SANS 560 and 660 classes. He studied Math and
Computer Science at the Technion. Prior to working for Cyvera, Gal was the Security Evaluation Architect of the
Software and Services Group at Intel®, the parent group of McAfee and WindRiver. Prior to that, Gal held various
positions related to IT and information security.
