With increased spending on IT resources since 2011, businesses expect rising customer demand for services such as online banking, cloud data storage, and social networking over the next three years. Organisations are responding to these trends by budgeting for additional capital expenditure on innovative IT strategies such as Big Data analytics and virtualisation technology. Since many organisations lack security solutions capable of handling today’s advanced threats, they need new strategies for more efficient IT security that protect valuable assets, including mission-critical servers holding the sensitive credentials that guard intellectual property (IP) data.
Advanced threats are designed for the sole purpose of extracting data while avoiding detection in a stealthy, calculated manner. Security weaknesses can often be traced to a poor understanding of what counts as malicious code, or to incomplete analysis of network anomalies after an attack. Furthermore, many IT administrators rely solely on antivirus or host intrusion prevention systems (HIPS) on their mission-critical servers and endpoint devices. They are therefore usually unaware that an attack has begun within their infrastructure, because it is hidden among the many business processes and changes taking place on their servers (system upgrades and expansion, change processes, security policies, etc.). This factor, together with the shortage of qualified security staff available to detect, monitor and mitigate these new advanced threats, drives the need for an advanced solution.
Currently, the channels that pose the greatest potential threat to organisations’ critical servers are corporate email systems, “bring your own device” (BYOD) and social networks. These channels are common entry points for advanced attacks.
“What organisations need to understand is that cybercriminals are changing their attack plan. The target is on domain controllers that are essentially the master vault key for the entire enterprise that grants access to confidential assets,” said Frost & Sullivan Industry Analyst Ben Ramirez. “Once they are able to infiltrate and extract the enterprise credentials from the domain controllers, they are able to navigate the network freely while stealing IP data under the enterprise’s radar. Even more concerning is the speed and methodology attackers implement in these advanced attacks, which allows them to bypass traditional detection systems for long periods of time.”
It is clear that signature-based, standalone blacklisting, HIPS, and other endpoint solutions are simply not capable of coping with advanced threats impacting companies today. With new malware families and variants created in the tens of millions each year, endpoint security is unable to detect and mitigate malware threats successfully. However, in the end, users are still the weakest link – it only takes a single click on a malicious URL for malware to bypass firewall policies.
Managing today’s security challenges can lead to substantially higher IT management costs while still failing to address new advanced threats adequately. To tackle these issues, Frost & Sullivan recommends trust-based application control technology as a rapid response to the threats companies face from corporate email systems, BYOD environments, and social networks, which arise between the endpoints and critical servers.
Traditional signature-based blacklisting strategies have proven inadequate against today’s sophisticated malware. Advanced threats target servers to steal valuable corporate IP. These attacks happen fast and bypass traditional detection and mitigation tools. The only way to prevent today’s advanced attacks is to stop them from executing. Executives must rethink their security strategy and adopt policy-driven, trust-based security solutions to protect against advanced threats.