
SC Congress Canada: Threat intel can mitigate attacks

May 10, 2012

An SC Congress Canada panel assembled Wednesday to discuss today's most pressing security concerns cited malware and data leakage as the largest worries, but said that intelligence sharing can aid in fighting back.

Addressing the question were Robert Knoblauch, director of technology security services at Scotiabank, and Adam Evans, who runs the financial institution's computer security incident response team.

With the bank operating in 57 countries, Knoblauch said he and his team must apply a different focus on each region where the bank does business.

Malware against which traditional tools don't work is the first big bucket of challenges Scotiabank faces, Knoblauch said, preferring to avoid the term "advanced persistent threat" to describe stealthy and difficult-to-detect malicious code.

Blended attacks, which use multiple methods to spread -- such as a spam email that contains a link to a malicious website on which an exploit launches if a user's machine is vulnerable -- are another major area of concern, said Evans. The situation is exacerbated by today's malware and delivery mechanisms, which are constantly evolving.

The insider threat represents another tier of threats, a risk only bolstered by increasing use of social media among employees, Knoblauch said. Even though some of this traffic might be encrypted, it still presents opportunity for data leakage, he said.

To assist in detection and response, Knoblauch pointed to intelligence feeds and security threat intelligence. Working with vendors to gain instantaneous data and correlating logs with real-time threat intelligence greatly aids in managing and mitigating attacks, he said.

The Scotiabank team takes proactive steps by building behavioral detection capabilities to find anomalies in the traffic, said Evans.

"You have to have mature log files and the means to analyze them," he said, acknowledging that businesses often lack the personnel to handle such routine tasks. "A lot of traditional controls help out, but the big bang for our buck has been threat intelligence and custom tuning of the security systems working with various vendors."
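As an added example, not code from the panel or from Scotiabank, the two defensive steps described above (correlating logs against a threat-intelligence feed, and flagging behavioral anomalies in traffic) applied to constructed proxy log lines and a hypothetical indicator set:

```python
"""Correlate proxy log lines with a threat-intel indicator set and flag a
simple behavioral anomaly (a host contacting unusually many destinations)."""
from collections import defaultdict

# Constructed, hypothetical indicator feed (reserved example names/TEST-NET IP).
INTEL = {
    "domain": {"malicious.example", "bad-cdn.example"},
    "ip": {"203.0.113.45"},
}

# Constructed proxy log: timestamp, source host, destination, proxy action.
PROXY_LOG = """\
2012-05-09T10:00:01 ws-101 intranet.example ALLOW
2012-05-09T10:00:05 ws-101 malicious.example ALLOW
2012-05-09T10:00:09 ws-102 203.0.113.45 ALLOW
2012-05-09T10:01:00 ws-103 a.example ALLOW
2012-05-09T10:01:01 ws-103 b.example ALLOW
2012-05-09T10:01:02 ws-103 c.example ALLOW
2012-05-09T10:01:03 ws-103 d.example ALLOW
"""

def parse_log(text):
    """Yield (timestamp, host, destination, action) tuples from the log text."""
    for line in text.splitlines():
        ts, host, dest, action = line.split()
        yield ts, host, dest, action

def match_intel(events, intel):
    """Return every event whose destination is in the feed, tagged with the indicator type."""
    hits = []
    for ts, host, dest, action in events:
        for kind, values in intel.items():
            if dest in values:
                hits.append({"ts": ts, "host": host, "dest": dest, "indicator": kind})
    return hits

def distinct_destination_anomalies(events, threshold):
    """Flag hosts that contacted more than `threshold` distinct destinations:
    a minimal behavioral baseline of the kind Evans describes."""
    dests = defaultdict(set)
    for _, host, dest, _ in events:
        dests[host].add(dest)
    return {h: len(d) for h, d in dests.items() if len(d) > threshold}

if __name__ == "__main__":
    events = list(parse_log(PROXY_LOG))
    for hit in match_intel(events, INTEL):
        print("intel match:", hit)
    print("anomalies:", distinct_destination_anomalies(events, 3))
```

In practice the indicator set would be refreshed from the vendor feed and the threshold derived from each host's historical baseline rather than fixed.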
