Security Market Segment
Friday, 24 July 2020 13:38

In cyber security, detection is no longer enough

By Greg Wyman, Bufferzone Security

GUEST OPINION: The world of cyber security has become increasingly complex in recent years. Endpoints continue to be the vector that most attackers use to breach an organisation.

In fact, 94 percent of malware was delivered by email, according to Verizon's 2019 Data Breach Investigations Report.

Historically, detecting malware has been the mainstay of the cyber security industry. The challenge is that malware can now morph as frequently as every 15 seconds, and it is estimated that over 230,000 new malware samples arrive every day.

As malware evolved and became more sophisticated, next-generation anti-virus (NGAV) products reached the market and changed the dynamics.

Most used statistical models to predict whether a file would behave like a virus. These were very effective against the polymorphic malware of the time, where typically around 20 percent of the code changed between variants. Detection technology had started to move from matching known samples to predicting virus-like behaviour.

A major challenge has been the arrival of metamorphic malware, where over 80 percent of the code changes and adapts in real time, making it almost impossible to detect or predict malware from the contents of a file.

Today, we are seeing a rapid growth in EDR (endpoint detection and response) and MDR (managed detection and response) products in the industry.

A common trait of most EDR and MDR products is that their vendors recognise they cannot detect all malware, especially the newest AI- and machine-learning-driven malware. So they deploy continuous monitoring to look for activity that could be, or is, malware or an attacker attempting to breach an organisation via its endpoints.

These are powerful solutions, but they assume that malware or attackers will get into an organisation, and rely on detecting the activity afterwards and breaking part of the attack chain before the malware can take effect.

Detection has been, and will continue to be, a critical component in cyber defences for companies of all sizes. The question is simply, is detection enough? The answer is equally simple – No.

Detection should form the outer layer of a defensive posture, but the volume of malware and the ever-increasing complexity of attacks require a new methodology to eliminate threats from unknown, never-before-seen and zero-day attacks. Malware and attackers must be stopped at the endpoint, before they can reach the organisation's network.

Containment, Isolation, Sanitisation

Containment, isolation and sanitisation technologies deliver this capability. They sit on the endpoint as low-impact, high-performance secure virtual containers that capture, contain and isolate threats whenever a user browses the web, and that hold every inbound email attachment.

All files are contained and sanitised before being allowed into the corporate network, which dramatically reduces, and almost eliminates, the endpoint as an attack vector.

The key is the sanitisation process, where every inbound Word, Excel, PowerPoint, PDF, PNG and similar file is deconstructed into its basic, specification-defined component parts. The file is then reassembled from only the known-good components to create a visually identical replica.

All malware, VBScript, macros and attacker code is left behind in the container; legitimate macros and scripts are stripped along with the malicious ones, since the rebuilt file never carries active content. The file is clean and can pass through to the corporate network. The container is emptied at intervals during the day and all malware removed. No breach has occurred.
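The deconstruct-and-rebuild idea above is easiest to see on a simple format. The following is an added example, not Bufferzone's code or any product's implementation: a PNG is parsed into its chunks, only the chunks needed to draw the image (IHDR, PLTE, IDAT, IEND) are kept, the pixel stream is inflated, checked against the declared dimensions and compressed afresh, and everything else (text and private chunks, bytes appended after IEND, over-sized compressed streams) is discarded rather than inspected. The sample "dirty" file is constructed inline so the block runs offline; the chunk name haCk and the embedded strings are invented for the demonstration.

```python
"""Allowlist-based rebuild of a PNG: keep only the chunks needed to draw the
image, re-derive the compressed pixel stream, and drop everything else."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
SAMPLES_PER_PIXEL = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # by PNG colour type


def make_chunk(ctype, data):
    """Serialise one chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def parse_chunks(png):
    """Return [(type, data), ...], checking signature, lengths and CRCs.
    Parsing stops at IEND, so bytes appended after it are never copied."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    chunks, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        crc_bytes = png[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk")
        if struct.unpack(">I", crc_bytes)[0] != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            raise ValueError("bad CRC in %r" % ctype)
        chunks.append((ctype, data))
        pos += 12 + length
        if ctype == b"IEND":
            break
    if not chunks or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND":
        raise ValueError("missing IHDR or IEND")
    return chunks


def decode_pixels(png):
    """Inflate the IDAT stream and verify it is exactly one image's worth of
    filtered scanlines; never inflates more than that (decompression bombs)."""
    chunks = parse_chunks(png)
    width, height, depth, colour, comp, filt, interlace = struct.unpack(">IIBBBBB", chunks[0][1])
    if comp != 0 or filt != 0 or interlace != 0 or colour not in SAMPLES_PER_PIXEL:
        raise ValueError("unsupported IHDR (only non-interlaced images handled here)")
    row_bytes = (width * SAMPLES_PER_PIXEL[colour] * depth + 7) // 8
    expected = height * (row_bytes + 1)  # one filter byte per scanline
    idat = b"".join(d for t, d in chunks if t == b"IDAT")
    inflater = zlib.decompressobj()
    raw = inflater.decompress(idat, expected + 1)  # cap output at expected+1 bytes
    if len(raw) != expected or not inflater.eof or inflater.unused_data:
        raise ValueError("IDAT does not match the declared image dimensions")
    return chunks, raw


def sanitise_png(png):
    """Rebuild the file from allowlisted parts and a freshly compressed pixel stream."""
    chunks, raw = decode_pixels(png)
    plte = [d for t, d in chunks if t == b"PLTE"]
    if len(plte) > 1:
        raise ValueError("multiple PLTE chunks")
    out = bytearray(PNG_SIGNATURE)
    out += make_chunk(b"IHDR", chunks[0][1])
    if plte:
        out += make_chunk(b"PLTE", plte[0])
    out += make_chunk(b"IDAT", zlib.compress(raw, 9))  # new stream, nothing carried over
    out += make_chunk(b"IEND", b"")
    return bytes(out)


def chunk_types(png):
    return [t for t, _ in parse_chunks(png)]


def build_sample_png():
    """Constructed 2x2 RGB image carrying a text chunk, a private chunk and
    trailing bytes after IEND, standing in for a file from an untrusted sender."""
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)
    rows = (b"\x00" + b"\xff\x00\x00" + b"\x00\xff\x00"
            + b"\x00" + b"\x00\x00\xff" + b"\xff\xff\xff")
    return (PNG_SIGNATURE
            + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tEXt", b"Comment\x00<script>alert(1)</script>")
            + make_chunk(b"haCk", b"\xcc" * 64)  # invented private chunk: opaque blob
            + make_chunk(b"IDAT", zlib.compress(rows))
            + make_chunk(b"IEND", b"")
            + b"MZ" + b"\x00" * 32)  # appended after IEND, ignored by parse_chunks


def build_bomb_png():
    """Constructed 2x2 image whose IDAT inflates to far more than 14 bytes."""
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(b"\x00" * 100000))
            + make_chunk(b"IEND", b""))


if __name__ == "__main__":
    dirty = build_sample_png()
    print(chunk_types(dirty), "->", chunk_types(sanitise_png(dirty)))
```

Running the block prints the chunk list before and after: the tEXt and haCk chunks and the trailing bytes are gone, the pixels are unchanged, and the bomb file is rejected outright because the inflater is capped at the size the header promises. A real product does the equivalent for Office and PDF structures, which have far more component types to allowlist.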

In an ideal world, every time a user browses the Internet, clicks a web link, downloads a file, opens an email attachment or clicks a link in an email, the action is automatically executed in a secure virtual container, nearly invisible to the user, from which malware cannot escape.

Users do not see or need to worry about malware or do anything special – they simply work as normal, with all their web and email sessions protected, preventing malware from gaining access to the organisation.

If endpoints are the largest attack vector and 94 percent of malware arrives by email, then containing, isolating and sanitising every time a user browses the internet, clicks a web link or downloads a file puts an organisation in a very strong defensive position.

Ultimately, the objective of containment, isolation and sanitisation solutions is for the attackers and hackers to move to an easier target.
