IT security has become a race against the clock. In all probability, most organizations have already been compromised by some type of malware. The challenge is to discover that malware before it becomes active or, at the very least, contain it as quickly as possible once it does.
Malware has become sophisticated enough to get past network and endpoint security technologies, such as firewalls and antivirus (AV) software, that IT organizations have relied on for years. What’s more, in the wake of high-profile attacks on Target, Home Depot, Sony, JP Morgan Chase and even the U.S. Central Command, much of the focus on IT security has shifted to malware detection.
A big part of the reason for this is that malware today is more dangerous on two counts: there is far more of it, and it is far more sophisticated.
“There’s not only a lot more malware,” said Stephen Harrison, director of sales for EverSec Group, a reseller of IT security software. “The caliber of the threat is much greater.”
Because hackers now have access to better tools, IT organizations must improve their security defenses. To address those customer requirements, EverSec partnered with LightCyber, a provider of what is being referred to as “active breach detection” software.
LightCyber Magna software stands out, Harrison said, because it identifies threats without requiring a massive amount of IT infrastructure resources to support it, which makes malware-detection software far more accessible to small and midsize business (SMB) customers.
“We’re identifying malicious code using analytics to identify suspicious behavior,” said Dave Cowert, director of products at FireEye. “We then share that information with other products via our APIs.”
That may not sound all that difficult, but modern malware is now a lot more challenging to detect.
“It’s not so much how persistent the malware has become, but rather the amount of evasive behavior it exhibits,” said Brian Laing, vice president of products at Lastline. “You need to be able to see the malware spread laterally through the organization.”
The end result is a significant shift in IT security strategies.
“We’re applying data science to security,” said Wade Williamson, director of product development and marketing for Vectra Networks. “It’s about identifying patterns.”
The opportunity for solution providers, said Williamson, is to provide the integration framework that shares an alert about a confirmed instance of malware with all the IT security technologies the customer has deployed. The goal is to ensure that the vulnerability the malware might exploit is remediated before the attack is launched, and that the malware infestation does not spread any further.
As part of those efforts, more emphasis is also starting to be placed on automation within the context of network access control (NAC).
Increased reliance on automation helps level the playing field for IT security staffs that are perennially short-handed, said Jack Marsal, director of solution marketing for ForeScout, a provider of continuous network monitoring software.
“There are too many risky things happening at the same time for IT security staffs to keep up,” Marsal said. “Providing a one-time assessment of vulnerabilities is no longer sufficient.”