Enterprise IT security systems were traditionally set up around the concept of a firewall that kept adversaries out of the enterprise. Recently, under the assumption that bad things get in, sandboxing features have been bolted on to enterprise environments to isolate copies of suspicious files, analyze their packets, and even activate and analyze malicious payloads to understand their intent and functionality.
The issue is that today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether. Malware can get through firewalls even if they are deployed at multiple protocol levels, and it can beat sandboxing by delaying execution until it detects the required native operating environment.
Advanced malware payloads can be encrypted, split up or encoded, or they can hide amid torrents of calls on systems, slipping into a flood of legitimate protocol transmissions that overwhelm both the firewall and the sandbox. To make things worse, organizations trying to manage risk while cutting costs commonly deploy firewalls and sandboxes at predictable entry points, rather than protecting themselves system-wide.
And, while critical in a security environment, the firewall and the sandbox lack the command and control capacity to orchestrate a security environment's response to an attack – they can do nothing to stop it.
Simply put, organizations require security environments that are able to find, freeze and fix advanced malware fast:
Finding, freezing and fixing advanced exploits fast requires a fully integrated, well-managed approach to IT security that analyzes, evaluates, communicates and decisively responds to each new threat. Such an approach will enable organizations to quickly and efficiently respond to threats comprehensively, removing coverage gaps and blind spots lurking between firewalls and endpoints, or from data center to mobile device.