Friday, 24 July 2020 14:01

In cyber security, detection is no longer enough

GUEST OPINION by Greg Wyman, Bufferzone Security: The world of cyber security has become increasingly complex in recent years. Endpoints continue to be the vector that most attackers and hackers use to breach an organisation.

In fact, 94 percent of data breaches start with an email, according to Verizon in 2019.

Historically, detecting malware has been the mainstay of the cyber security industry. The challenge is that malware can now morph as frequently as every 15 seconds, and it is estimated that over 230,000 new malware samples arrive every day.

As malware evolved and became more intelligent, we saw the next-generation anti-virus (NGAV) products hit the market, which changed the dynamics.

Most worked on mathematical formulas to predict virus-like activity in a file. These were very effective against most malware of the time, where typically only around 20 percent of the code changed between variants; this was broadly called polymorphic malware. Detection technology had started to evolve towards predicting virus-like behaviours.

A major challenge has been the release of new metamorphic malware, where over 80 percent of the code changes and adapts in real time, making it almost impossible to detect or predict malware in a file.

Today, we are seeing a rapid growth in EDR (endpoint detection and response) and MDR (managed detection and response) products in the industry.

A common trait of most EDR and MDR products is that the vendors recognise they can’t and won’t detect all malware, especially the newest AI and machine learning driven malware. So they deploy continuous monitoring to look for activities that could be, or are, malware or hackers attempting to breach an organisation via the endpoints.

These are powerful solutions, but they rely on the assumption that malware or hackers will breach an organisation, in the hope that the activity can then be detected and parts of the chain killed before the malware impacts or infects the organisation.

Detection has been, and will continue to be, a critical component in cyber defences for companies of all sizes. The question is simply, is detection enough? The answer is equally simple – No.

Detection should form the outer layer of a defensive posture, but the volume of malware and the ever-increasing complexity of attacks require a new methodology to eliminate threats from unknown, never-been-seen-before and zero-day attacks. Malware and hackers must be stopped at the endpoint, to protect endpoints and prevent hackers from breaching an organisation’s network.

Containment, Isolation, Sanitisation

Containment, isolation and sanitisation technologies deliver this capability. They sit on the endpoint as low-impact, high-performance secure virtual containers that capture, contain and isolate malware threats whenever a user browses the web, and that contain all inbound email attachments.

All files are contained and sanitised before being allowed into the corporate network, dramatically reducing, and almost eliminating, the endpoint as an attack vector.

The key is the sanitisation process, where all inbound Word, Excel, PowerPoint, PDF, PNG and similar files are deconstructed into their basic, known component parts. They are then reassembled using only the known-good components to create a visually identical replica of the file.

All malware, VB scripts, macros and hacker code are left behind in the container. The file is clean and can pass through to the corporate network. The container is emptied at intervals during the day and all malware removed. No breach has occurred.
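A simplified, package-level version of that rebuild for Word files, added here as an illustration and not Bufferzone's product code: it keeps only an allow-list of known parts of the OOXML zip container, drops everything else (the VBA project included) and repairs the content-type and relationship entries so the rebuilt file still opens. The allow-list, the sample document and the helper names are constructed for this example; a production sanitiser would also re-parse each kept XML part rather than copying it through.

```python
import io
import re
import zipfile

# Allow-list of package parts a plain Word document needs (constructed for this example;
# a production sanitiser would also re-parse each kept part rather than copy it through).
ALLOWED = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/(app|core)\.xml"
    r"|word/(document|styles|settings|fontTable|numbering)\.xml"
    r"|word/_rels/document\.xml\.rels|word/media/[^/]+\.(png|jpe?g))$"
)
MACRO_MAIN = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def sanitise_docx(data):
    """Rebuild a Word package from allow-listed parts only; return (clean_bytes, dropped_parts)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    keep = [n for n in src.namelist() if ALLOWED.match(n)]
    dropped = [n for n in src.namelist() if n not in keep]
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in keep:
            body = src.read(name)
            if name == "[Content_Types].xml":
                # Remove the overrides of dropped parts and demote a macro-enabled main part.
                for part in dropped:
                    body = re.sub(rb'<Override[^>]*PartName="/' + re.escape(part.encode()) + rb'"[^>]*/>', b"", body)
                body = body.replace(MACRO_MAIN, PLAIN_MAIN)
            elif name.endswith(".rels"):
                # Remove relationships that point at a dropped part (e.g. vbaProject.bin).
                for base in {p.rsplit("/", 1)[-1] for p in dropped}:
                    body = re.sub(rb'<Relationship[^>]*Target="[^"]*' + re.escape(base.encode()) + rb'"[^>]*/>', b"", body)
            dst.writestr(name, body)
    return out.getvalue(), dropped

def read_part(package, name):
    """Inspection helper: a part's bytes, or None when the package no longer contains it."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return z.read(name) if name in z.namelist() else None

def build_sample_docm():
    """Constructed, minimal macro-enabled package used as sample input (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types><Override PartName="/word/document.xml" ContentType="%s"/>'
                   '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>' % MACRO_MAIN.decode())
        z.writestr("word/_rels/document.xml.rels", '<Relationships><Relationship Id="rId1" Target="vbaProject.bin"/></Relationships>')
        z.writestr("word/document.xml", "<w:document><w:body><w:p><w:r><w:t>Invoice</w:t></w:r></w:p></w:body></w:document>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project bytes")
    return buf.getvalue()
```

Running `sanitise_docx(build_sample_docm())` returns a package with `word/vbaProject.bin` gone, its relationship and content-type override removed, and the document text intact.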

In an ideal world, every time a user browses the Internet, clicks a web link, downloads a file, opens an email attachment or clicks a link in an email, the action is automatically executed in a near-invisible (to the user) secure virtual container from which malware simply cannot escape.

Users do not see or need to worry about malware or do anything special – they simply work as normal, with all their web and email sessions protected, preventing malware from gaining access to the organisation.

If endpoints are the largest attack vector and 94 percent of data breaches start at the endpoint, then containing, isolating and sanitising every time a user browses the internet, clicks a web link or downloads a file puts an organisation in a very strong defensive position.

Ultimately, the objective of containment, isolation and sanitisation solutions is for the attackers and hackers to move to an easier target.
