Over the past 30 years, both cyber-attacks and security protections have rapidly evolved. Looking back, it's easy to identify successive generations of attacks, security solutions and the point at which the pace of the attack evolution started to exceed the levels of security most businesses had deployed. Fast forward to today, and attacks targeting enterprises are the most advanced and destructive ever seen — yet cyber protections deployed by most businesses are generationally outdated and incapable of protecting against current threats.
The stark reality is that a point-solution approach leaves businesses with a security defense that is three to four generations behind the level of attacks they are facing, equivalent to being 15-20 years behind the times. But this security generation gap can be closed by adopting a holistic approach to security — one that is integrated, unified and that shares threat information across all vectors in real time.
Let's examine how the generations of cyber-attacks — and the corresponding security defenses – have evolved:
Generations of attacks and security
- First-generation (Gen I) attacks began in the 1980s with the mass availability of personal computers. Viruses, malicious software programs that replicate themselves on computers, soon emerged, affecting all PC users and driving the development of commercial anti-virus software.
- Second-generation (Gen II) attacks emerged in the 1990s with the advent of networking and the Internet. This explosion in connectivity opened the gates for malicious software and intrusion attempts — like the 1994 theft of over $10 million from Citibank — leading to the development of the network firewall.
- Third-generation (Gen III) attacks emerged in the early 2000s as attackers learned to leverage vulnerabilities in all components of IT infrastructure, including operating systems, hardware and applications. One example is the SQL Slammer worm, which became the fastest-spreading worm of all time.
This era also saw an explosion of technologies and services, which in turn led to an explosion of start-up security vendors and products. Around this time, the protection delivered by enterprise security infrastructures began to fall behind the speed and sophistication of the attacks.
- Fourth-generation (Gen IV) attacks emerged around 2010 as attackers reached new levels of sophistication. These attacks had large-scale financial and/or reputational impacts on the public, as well as on business enterprises and governments. Examples include the massive breach at US retailer Target, which compromised 40 million customer credit cards and the private information of up to 110 million customers.
Gen IV also marked the point where detection-based security was no longer enough: such products only detect attacks based on identifiable signatures, which are created after an attack has been discovered, analyzed and communicated widely. The window of exposure could last days or months until an update became available.
- Fifth-generation (Gen V) attacks emerged with force around 2017 as sophisticated, advanced hacking tools, some of them state-developed and then leaked to the Dark Web, drove large-scale, multi-vector mega-attacks that generated revenue for criminals and caused large-scale financial and brand-reputation losses for their victims. Sophisticated malware infiltrated and proliferated to and from virtually any vector of IT infrastructure, including networks, cloud, remote offices, mobile devices and more. Examples include the WannaCry attack, which affected 300,000 computers across 150 countries, and NotPetya, which caused losses of $300 million for a number of affected businesses.
Gen V attacks move with unprecedented speed, causing huge disruption and damage. The threats easily overwhelm earlier generations of non-integrated, detect-only technologies.
How many generations behind are we?
To establish the extent of the generation gap between threats and security, Check Point recently surveyed nearly 450 security professionals worldwide about their security infrastructures. The results show that enterprise security lags dangerously behind the level of attacks it must protect against: most businesses are only at Gen II or Gen III of security.
A key finding of the survey was that the 31 percent of respondents who used a consolidated security architecture identified and remediated attacks 20x faster, and at 1 percent of the cost, compared with those who used a point-solution, best-of-breed approach. Further, enterprises using a point-solution approach end up with a security estate of 15 to 20 security products, working in detect-only mode and unable to prevent attacks, which also absorbs a huge amount of management time.
For effective cyber-prevention, businesses must move to a Gen V security infrastructure. Gen V security is advanced threat prevention that uniformly prevents attacks across a business's entire IT infrastructure, using single-console central management for administration, monitoring and response. This not only protects against Gen V attacks but is built on an infrastructure to which additional security capabilities can easily be added as threats and IT environments evolve.
This approach of countering Gen V attacks with Gen V security will firmly close the security generation gap and ensure that it stays closed.