Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Back to the Future – A New Reality in IT Security

The ability to travel back in time has captured the imaginations of generations around the world for hundreds of years. One of the more universally-recognized examples is the ‘Back to the Future’ film trilogy which grossed nearly $1 billion US dollars in theaters worldwide. Being able to go back to a previous time, observe what happened and then learn from those events to improve the present and future is a powerful notion.

The ability to travel back in time has captured the imaginations of generations around the world for hundreds of years. One of the more universally-recognized examples is the ‘Back to the Future’ film trilogy which grossed nearly $1 billion US dollars in theaters worldwide. Being able to go back to a previous time, observe what happened and then learn from those events to improve the present and future is a powerful notion.

Wouldn’t it be great to be able to actually do that as an IT security professional? Think about it.

Traditional detection-only defenses are stuck in the present. They conduct inspection at a single, initial point in time and they have no memory. They allow anything they don’t recognize immediately as a threat through and forget that the file ever existed.

Time MachineCapitalizing on this limitation, advanced malware writers continuously innovate, use a variety of techniques to obscure malware and make it much harder to initially detect. For example, they may use polymorphic files that change just enough to fool the signature engines, sophisticated downloaders to obtain malware on demand from command and control (CnC) networks and erasable Trojans that delete their own components making it difficult for forensics investigators to find and analyze the malware. To ensure success, many attackers even test their malware against the more popular security tools before launching attacks. Once a threat does enter a network, most IT security professionals have no way to go back in time, see what happened, when it happened, identify the root cause and determine the extent of the damage and remediate.

To detect, understand and stop these increasingly evasive threats you need new tools and techniques that enable you to always watch, never forget and then take action should a file be determined to be malicious at a later time. In effect, you need to be able to turn back time.

Technology has advanced to make this possible and I’m not talking about the flux capacitor. I’m talking about big data-powered continuous capability and retrospective security.

Big data adds ‘memory’ to security. The widespread availability of affordable storage capacity and processing power along with sophisticated data mining techniques mean we no longer have to discard files that aren’t recognized as threats upon initial inspection. We can collect this data and continuously monitor and analyze files that have moved across the wire into the network or from endpoint to endpoint and identify subsequent malicious behavior whenever it may begin.

Retrospective security uses this continuous capability to let you, in essence, travel back in time and retrospectively identify which devices have been exposed to malware, regardless of when the file is identified as malware. This requires not just tracking every file but also the full lineage of every action that happens on every protected device and mapping how the files travel through the organization and what the files do on the system. By being able to determine the scope of an outbreak and root cause(s), you can quickly switch to response mode during an attack and effectively determine and implement the necessary controls and remediation steps. Delving into the rich history that big data provides you can also identify the point of entry and prevent reinfection, automatically.

Traveling back in time isn’t something to relinquish to science fiction. Just as advancements in other fields – cloning, space travel and bionics – have made seemingly far-fetched ideas reality, big data analytics is making time travel a reality in security. Now you can learn instantly from the past and come back to create a more secure present and future.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.