Find, freeze and fix fast: What your team needs at the advanced threat gunfight

Michael Fey, worldwide CTO, McAfee, Inc.

Enterprise IT security systems were traditionally set up around the concept of a firewall that kept adversaries out of the enterprise. Recently, under the assumption that bad things get in, sandboxing features have been bolted on to enterprise environments to isolate copies of suspicious files, analyze their packets, and even activate and analyze malicious payloads to understand their intent and functionality.

The issue is that today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether. Malware can get through firewalls even if they are deployed at multiple protocol levels and it can beat sandboxing by delaying execution until it detects the required native operating environment.

Advanced malware payloads can be encrypted, split up or encoded, or they can hide amid torrents of calls on systems, slipping into a flood of legitimate protocol transmissions that overwhelm both the firewall and the sandbox. To make things worse, organizations trying to manage risk while cutting costs commonly deploy firewalls and sandboxes only at predictable entry points, rather than protecting themselves system-wide.

And, while critical in a security environment, the firewall and the sandbox lack the command and control capacity to orchestrate a security environment's response to an attack – they can do nothing to stop it.

Simply put, organizations require security environments that are able to find, freeze and fix advanced malware fast:

  • Find. While many firewalls and sandboxes can be bypassed or eluded, organizations can improve their ability to find threats by connecting firewalls and sandboxes with advanced management software and threat intelligence – informing, learning from, and collaborating with the entire IT environment.
  • Freeze. If and when attacks happen, defenses and countermeasures must be aware and informed so attacks can be recognized, infected hosts quarantined, and malware frozen before it can propagate elsewhere in the system. While neither a firewall nor an isolated sandbox can stop an attack inside the network, the threat information they share can be used to update gateway protections, endpoint protections and cloud intelligence services.
  • Fix. If a sandbox can comprehend and communicate the purpose and functionality of malware, enterprises can more effectively scope the attack, remediate the damage and avoid further disruption. Beyond the fix, forensic analysis of this threat intelligence can even help determine the actors behind the attacks.
  • Fast. Each step of “find, freeze, fix” can be expedited, and the entire threat lifecycle can be condensed when automation replaces the decisions and delays of manual analysis and tasks. Rules and policies replace phone calls and emails to take action, while humans oversee the big picture of managing risk.

Finding, freezing and fixing advanced exploits fast requires a fully integrated, well-managed approach to IT security that analyzes, evaluates, communicates and decisively responds to each new threat. Such an approach will enable organizations to respond to threats quickly, efficiently and comprehensively, removing the coverage gaps and blind spots lurking between firewalls and endpoints, or between the data center and the mobile device.
