Page 7 - index
P. 7
Modern Threats Signal Urgency for Security Strategies Overhaul
Simon Crosby, CTO of Bromium
Throughout the modern cyber era, organizations have deployed anti-virus (AV) products like
bouncers at the door of a club. The bouncers would comb a waiting line of outside patrons and,
if they spotted any troublemakers, they turned them away. No entry allowed.
And, for the longest time, the AV ‘bouncer’ system worked. Vendors came up with solutions
which blocked from a network previously identified malicious code, accumulating a signature-
based blacklist of “troublemakers.” When new versions of malware emerged, vendors would
update their AV products and proceed to continue protecting their customers.
Today, this system no longer adequately safeguards organizations, signaling urgency for a
cyber security best practices overhaul. Traditional AV tactics are “dead,” according to no less of
an authority than Symantec – a leading player in the AV market. In fact, such techniques detect
only 45 percent of all attacks, according to Brian Dye, Symantec's senior vice president for
information security. The threat landscape is increasingly virulent and rapidly changing, with
hundreds of millions of new malware variants created every year, according to a recent report
from Forrester Research. AV tools are too reactive to keep up. By the time they find and
blacklist a new attack, a wealth of others enter the equation.
For “what’s the worst that can happen?” examples, we need look no further than companies
such as Target, from which cyber criminals stole 40 million customer credit card numbers and
70 million addresses, phone numbers and additional items of information late last year. Then,
this past May, eBay announced that a database was compromised containing encrypted
passwords and other data, prompting a warning to its 128 million active users to change their
passwords.
Such incidents can inflict crippling damage to the bottom line. The average cost of a breach in
2014 is totaling $3.5 million, which is 15 percent more than the average monetary burden in
2013, according to research from the Ponemon Institute. Then, there’s the immeasurable,
destructive impact on brand reputation and customer trust.
Recently, Bromium surveyed 300 information security practitioners, and 85 percent indicated
that AV solutions are unable to protect against advanced targeted attacks. Not when endless
forms of sophisticated malware are designed and tested to circumvent current security
solutions, such as those driven by signature-based detection and behavioral analysis.
Sure, our industry can discuss in perpetuity the need for new methods and technologies. But we
have to do more. We must push for a fundamental change in the very foundation of information
security.
7 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
