- Apr 13, 2013
I hope I'm not going too far into the weeds with this blog, but a valid concern held by many with eyes to see should be addressed. Even if the Home user is very well versed in security and safe computing, are the protection methods used by companies that we entrust our sensitive data to equally adept at protecting this data?
Since the inception of malware, both Home Users and Corporations have primarily used security products based on definition based detection. For the Home user, this belief that such products are of value can be seen right here at MT by viewing the Virus Exchange threads - the quality of a product is based entirely on raw detection and not on how a product handles something that is true zero-day malware and thus will not be detected by any definitions. A firewall is still primarily thought of by most as something to keep bad guys out, instead of something to prevent the transmission out of sensitive data.
The Enterprise space is finally wising up to this. Targeted malware (specific malware constructed to bypass a given company's definition based security and never released into the Wild outside of that Company) has caused major breaches at the retailers Home Depot and Target (Symantec clients) as well as a few multinational Financial Institutions that must at this time go unnamed. Traditional security protection is based on keeping BlackHats out; it is now being realized that this is a flawed philosophy. A hacker is going to get into an organization no matter what (my favorites are the bribing of employees to either infect the system by loading a Targeted Threat into the system or by stealing network credentials by various means).
A number of new security companies have begun a shift in traditional thinking - not to prevent hackers from getting in (nearly impossible), but instead to prevent any damage once they are in. Methods range from Virtualization to real time forensics and behavior monitoring and suppression. Products made by companies using these techniques are in high demand and getting stronger as evidenced by their stock prices (examples of the Big Three):
FireEye
Palo Alto
CyberArk
Only time will tell if the implementation of new techniques will result in a breach-free world. But the fact that (some) Corporations are finally learning their lesson is encouraging.