Page 60 - Cyber Warnings
Today's Threat Landscape Requires Adaptive Security
By Dan Joe Barry, VP Positioning and Chief Evangelist at Napatech
Cybercriminals’ ingenuity seems to know no bounds. Their latest brainchild is the non-malware
attack. In this scenario, no malware is downloaded to the user’s computer. Instead, a malicious
script is activated that exploits vulnerabilities in Flash, web browsers and other tools already
present on the computer. Because many of the installed security prevention solutions focus on
blocking malware downloads, this attack nullifies the effectiveness of a large part of the security
architecture.
The onslaught of cyber threats shows no signs of slowing. Fortinet’s Global Threat Landscape
Report Q4 2016 revealed an average of 10.7 unique application exploits per organization, and
about nine in 10 organizations detected critical or high-severity exploits.
Not all of these threats are new; 86 percent of firms registered attacks attempting to exploit
vulnerabilities that were over a decade old. In addition, 36 percent of organizations detected
botnet activity related to ransomware, with an average of 6.7 unique active botnet families per
organization.
Joining forces with time-tested attack methods, multiple recent factors have converged to create
greater complexity and threat opportunity in the network, undermining the effectiveness of
security prevention solutions. Bring Your Own Device (BYOD) can act as a Trojan horse to gain
access to the network, and employees or contractors can knowingly or unwittingly mishandle
data in a way that results in a breach. Cloud computing also provides new opportunities for
attackers, who are constantly looking for novel ways to breach the wall by exploiting
vulnerabilities.
Not Just Prevention – Detection
So, in addition to today’s security prevention solutions, organizations need a layer of
advanced threat detection built on analysis of user and network behavior.
These internal advanced threat solutions rely on continuous monitoring of network activity:
first to establish a profile of normal network behavior, then to compare real-time activity
against that profile and flag anomalous behavior. Used in conjunction with the information from
other security solutions, this layer can provide the first indication that a breach has taken place.
Because this approach does not rely on detecting file downloads but on spotting activity that is
out of the ordinary, giving the security team a basis for further investigation, it is
particularly effective against non-malware attacks. The fundamental capability underlying
network behavior analysis is the ability to analyze all network traffic in real time. This requires
packet capture solutions that can deliver each and every packet for analysis without packet loss,
even at speeds up to 100G.
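The profile-then-compare loop the two paragraphs above describe, as an added example that is not part of the original article or of any Napatech product: it builds a per-host baseline of hourly outbound bytes and distinct destinations from flow records, then scores a live window against that baseline and reports hours that deviate by more than a chosen number of standard deviations. The flow records, host names, metrics and threshold are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (host, hour, destination, bytes_out); not from the article.
BASELINE_FLOWS = [
    ("ws-17", 1, "10.0.0.5", 500), ("ws-17", 1, "10.0.0.6", 500),
    ("ws-17", 2, "10.0.0.5", 700), ("ws-17", 2, "10.0.0.6", 500),
    ("ws-17", 3, "10.0.0.5", 400), ("ws-17", 3, "10.0.0.7", 400),
    ("ws-17", 4, "10.0.0.6", 600), ("ws-17", 4, "10.0.0.7", 400),
]
LIVE_FLOWS = (
    # hour 5: ordinary volume, but the host suddenly talks to 20 addresses it never used before
    [("ws-17", 5, f"10.0.1.{i}", 50) for i in range(20)]
    # hour 6: a familiar peer, but roughly 60x the usual hourly volume
    + [("ws-17", 6, "10.0.0.5", 60000)]
)

def aggregate(flows):
    """Collapse flows into per-(host, hour) counters: total bytes and number of distinct destinations."""
    agg = defaultdict(lambda: {"bytes": 0, "dsts": set()})
    for host, hour, dst, nbytes in flows:
        agg[(host, hour)]["bytes"] += nbytes
        agg[(host, hour)]["dsts"].add(dst)
    return {k: {"bytes": v["bytes"], "dsts": len(v["dsts"])} for k, v in agg.items()}

def build_profile(flows):
    """Per-host baseline: mean and population std-dev of each hourly metric over the training window."""
    series = defaultdict(lambda: defaultdict(list))
    for (host, _hour), metrics in aggregate(flows).items():
        for name, value in metrics.items():
            series[host][name].append(value)
    return {host: {name: (mean(v), pstdev(v)) for name, v in m.items()}
            for host, m in series.items()}

def detect(profile, flows, threshold=3.0, min_sigma=1.0):
    """Return (host, hour, metric, z) for live hours that exceed the baseline by more than
    `threshold` standard deviations; hosts with no baseline are reported, not silently passed."""
    alerts = []
    for (host, hour), metrics in sorted(aggregate(flows).items()):
        if host not in profile:
            alerts.append((host, hour, "no-baseline", None))
            continue
        for name, value in metrics.items():
            mu, sigma = profile[host][name]
            z = (value - mu) / max(sigma, min_sigma)  # min_sigma guards flat baselines (sigma == 0)
            if z > threshold:  # one-sided: only increases over the norm are flagged
                alerts.append((host, hour, name, round(z, 1)))
    return alerts
```

Run `detect(build_profile(BASELINE_FLOWS), LIVE_FLOWS)` to see hour 5 flagged on destination count and hour 6 on byte volume; the baseline window scored against itself produces no alerts.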
60 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide