Q&A with Tim Clark, The FactPoint Group, on Automated
Malware Removal
By Todd Weller, VP, Corporate Development, Hexis Cyber Solutions
Earlier this year, one of the biggest U.S. hospital groups, Community Health Systems Inc.
(CHN) publicly announced that it was a victim of a Chinese-driven cyber-attack. The attack, led
by hacking group “APT 18,” stole Social Security numbers and other personal data belonging to
4.5 million patients within the organization’s network. This is just another instance of advanced
hackers infiltrating the network of an unsuspecting organization.
These unfortunate occurrences have left many companies scratching their heads and thinking,
“Is there any way to truly protect our data?” Inadequate defense technologies that attempt (but
more often than not fail) to quickly remove threats are leaving end-users vulnerable to an attack.
Is there a fail-safe approach to better security? Tim Clark, partner at The FactPoint Group and
security industry expert, believes that automated malware removal is key to any effective
security strategy. Here’s what he had to say:
1. Why are companies so scared of automation?
Security professionals are nervous about automated malware removal because they don’t
really understand it. While it may just be an overall messaging problem that our industry
needs to address, many equate the term “automated” to turning an entire process over to a
machine – an act that leaves many feeling uneasy and with little control. For dealing with
Advanced Persistent Threats (APTs), a handful of organizations focus on leveraging
technologies that prevent and/or remediate the issue – instead of completely removing the
malware itself. When malware is simply contained or isolated, it leaves an opportunity for
sophisticated malware to re-infect the system.
2. Why should companies embrace automated malware removal?
Attackers are advancing, incidents are increasing and the number of qualified security
professionals can’t keep pace. Companies are still dealing with the aftermath of the
recession; they don’t want to invest in things that don’t drive revenue, i.e. security
professionals. To them, security doesn’t produce revenue. While that may be true, security
does protect revenue. Automated malware removal helps to address the tight budget
problem. It allows for the routine incident response work of initially recognizing malware to
be done by a computer so that the highly skilled security pros can be working on more
difficult, advanced problems – not wasting time on clerical work.
3. How can companies make automated malware removal work for them?
When it comes to implementing automation, there are a few best practices that companies
should consider. First, to minimize the risk of false positives, security professionals should
leverage both historical information and forensic analysis of malware. Do the work. Second,
these same security pros should automate certain tasks they feel comfortable with by setting
17 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide