SecurityWeek

Objects in the Mirror are More Damaging than They May Appear

Retrospective Security Serves as a ‘Mirror’ and Enables a New Level of Security Effectiveness…

Virtually every vehicle these days comes equipped with a rear view mirror and side view mirrors, and with good reason. Imagine the safety issues with no visibility. How would you know if there’s a pedestrian walking by as you pull out of a parking space? Or a police, fire or rescue vehicle coming up from behind, responding to a call? Or another driver trying to pass you? Talk about a blind spot!

It wasn’t always this way though. For the first 30 years, gas-powered automobiles operated without mirrors. They weren’t even a consideration. With no congestion and slow speeds, drivers could focus on the road ahead, avoid obvious hazards and remain fairly safe. But as the automobile became more popular and more powerful, new dangers emerged and lack of visibility became a challenge. Rear view and side view mirrors were developed and quickly became ‘must haves.’

We’re at a similar inflection point in the IT security industry. When the first PC viruses appeared nearly 25 years ago, defenders could protect against them by detecting and blocking files as they attempted to enter the network. But now threats have evolved and are more cunning than any we’ve experienced before – able to disguise themselves as safe, pass through defenses unnoticed, remain undetected and later exhibit malicious behavior. Focusing only on what’s ahead (i.e., scanning files once at an initial point in time to determine if they are malicious) is no longer sufficient. Once files enter a network, most security professionals have no way to look back. Without ‘mirrors’ they can’t continue to monitor files and take action should the files later prove to be malicious.

So how can you gain visibility and control after an unknown or suspicious file has permeated the network? Retrospective security serves as those ‘mirrors,’ enabling a new level of security effectiveness that combines retrospective detection and remediation with up-to-the-minute protection. IT security staff can continue to track, analyze and be alerted to files previously classified as safe but subsequently identified as malware and then take action to quarantine those files, remediate and create protections to prevent the risk of reinfection.

Key technologies have advanced to enable retrospective security. The first is big data analytics. Emerging with the explosive growth of data, storage and processing power, big data is a term used to characterize massively large data sets ranging in terabytes or petabytes. Retrospective security accesses big data and turns that data into information for automated actions as well as actionable intelligence that IT security teams can use to make more informed, timely security decisions after an attack.

Cloud computing is another powerful new tool to enable retrospective security. Leveraging the virtually unlimited, cost-effective storage and processing power of the cloud, retrospective security applies big data to continuously track and store file information across a widespread community and analyze how these files are behaving against the latest threat intelligence stored in the cloud.

Armed with this knowledge, IT security staff can rapidly identify a file that begins to act maliciously and move quickly to understand the scope of the damage, contain the threat, remediate it and bring operations back to normal. They can also move forward with more effective security by automatically updating protections and implementing integrated rules on the perimeter security gateway, within security appliances protecting internal networks and on endpoints to detect and block the same attack.
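The look-back described above, sketched as an added example (not from the article or any vendor product): a stored log of file sightings is re-evaluated against an updated verdict table, yielding the scope and quarantine list for files that were admitted as clean or unknown. The hashes, hostnames, paths and field names are constructed placeholders.

```python
from datetime import datetime

# Constructed sample data: one record per file sighting, with the verdict
# assigned at the initial point-in-time scan. Hashes are short placeholders.
SIGHTINGS = [
    {"sha256": "aa11", "host": "srv-files", "path": "/share/in/invoice.pdf",
     "seen": "2024-03-01T08:05:00+00:00", "verdict": "unknown"},
    {"sha256": "aa11", "host": "ws-014", "path": "C:/Users/kim/invoice.pdf",
     "seen": "2024-03-01T09:12:00+00:00", "verdict": "clean"},
    {"sha256": "aa11", "host": "ws-022", "path": "C:/Temp/invoice.pdf",
     "seen": "2024-03-02T14:40:00+00:00", "verdict": "clean"},
    {"sha256": "bb22", "host": "ws-014", "path": "C:/Tools/setup.exe",
     "seen": "2024-03-01T10:00:00+00:00", "verdict": "clean"},
    {"sha256": "cc33", "host": "ws-031", "path": "C:/Temp/drop.exe",
     "seen": "2024-03-03T11:30:00+00:00", "verdict": "malicious"},
]

# Constructed "latest threat intelligence": aa11 was convicted after it entered.
INTEL = {"aa11": "malicious", "cc33": "malicious"}


def retrospective_check(sightings, intel):
    """Return {sha256: scope} for files admitted as non-malicious but convicted now."""
    findings = {}
    for s in sightings:
        if s["verdict"] == "malicious":
            continue  # blocked at entry; nothing to look back on
        if intel.get(s["sha256"]) != "malicious":
            continue  # still not convicted by current intel
        seen = datetime.fromisoformat(s["seen"])
        scope = findings.setdefault(
            s["sha256"], {"first_seen": seen, "hosts": set(), "quarantine": []})
        scope["first_seen"] = min(scope["first_seen"], seen)  # earliest entry point
        scope["hosts"].add(s["host"])                         # every host touched
        scope["quarantine"].append((s["host"], s["path"]))    # copies to remove
    for scope in findings.values():
        scope["hosts"] = sorted(scope["hosts"])
        scope["quarantine"].sort()
    return findings


if __name__ == "__main__":
    for sha, scope in retrospective_check(SIGHTINGS, INTEL).items():
        print(sha, scope["first_seen"].isoformat(), scope["hosts"])
        print("  block at gateway/endpoint:", sha)
```
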

New threats and new technologies are coming together to bring a new perspective to security. Just as rear view and side view mirrors were added to automobiles when the time was right, the time is right now for IT security to include retrospective security.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
