
Objects in the Mirror are More Damaging than They May Appear

Retrospective Security Serves as a ‘Mirror’ and Enables a New Level of Security Effectiveness...

Virtually every vehicle these days comes equipped with a rear view mirror and side view mirrors, and with good reason. Imagine the safety issues with no visibility. How would you know if there’s a pedestrian walking by as you pull out of a parking space? Or a police, fire or rescue vehicle coming up from behind, responding to a call? Or another driver trying to pass you? Talk about a blind spot!

It wasn’t always this way though. For the first 30 years, gas-powered automobiles operated without mirrors. They weren’t even a consideration. With no congestion and slow speeds, drivers could focus on the road ahead, avoid obvious hazards and remain fairly safe. But as the automobile became more popular and more powerful, new dangers emerged and lack of visibility became a challenge. Rear view and side view mirrors were developed and quickly became ‘must haves.’

We’re at a similar inflection point in the IT security industry. When the first PC viruses appeared nearly 25 years ago, defenders could protect against them by detecting and blocking files as they attempted to enter the network. But now threats have evolved and are more cunning than any we’ve experienced before – able to disguise themselves as safe, pass through defenses unnoticed, remain undetected and later exhibit malicious behavior. Focusing only on what’s ahead (i.e., scanning files once at an initial point in time to determine if they are malicious) is no longer sufficient. Once files enter a network, most security professionals have no way to look back. Without ‘mirrors’ they can’t continue to monitor files and take action should the files later prove to be malicious.

So how can you gain visibility and control after an unknown or suspicious file has permeated the network? Retrospective security serves as those ‘mirrors,’ enabling a new level of security effectiveness that combines retrospective detection and remediation with up-to-the-minute protection. IT security staff can continue to track, analyze and be alerted to files previously classified as safe but subsequently identified as malware and then take action to quarantine those files, remediate and create protections to prevent the risk of reinfection.

Key technologies have advanced to enable retrospective security. The first is big data analytics. Emerging with the explosive growth of data, storage and processing power, big data is a term used to characterize massively large data sets ranging into the terabytes or petabytes. Retrospective security accesses big data and turns that data into information for automated actions as well as actionable intelligence that IT security teams can use to make more informed, timely security decisions after an attack.

Cloud computing is another powerful new tool to enable retrospective security. Leveraging the virtually unlimited, cost-effective storage and processing power of the cloud, retrospective security applies big data to continuously track and store file information across a widespread community and analyze how these files are behaving against the latest threat intelligence stored in the cloud.

Armed with this knowledge IT security staff can rapidly identify a file that begins to act maliciously and move quickly to understand the scope of the damage, contain the threat, remediate it and bring operations back to normal. They can also move forward with more effective security by automatically updating protections and implementing integrated rules on the perimeter security gateway, within security appliances protecting internal networks and on endpoints to detect and block the same attack.
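The look-back described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any product: it replays a stored history of file sightings against the latest verdicts to find files that were admitted earlier and have since been reclassified as malicious. The record layout, host names, paths and hashes are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: placeholder hashes, hosts and paths, not real indicators.
H_DOC, H_TOOL = "a" * 64, "b" * 64
SIGHTINGS = [  # (time seen, host, sha256, path, verdict given at that time)
    (datetime(2024, 3, 1, 9, 0), "ws-014", H_DOC, r"C:\Users\kim\invoice.pdf", "clean"),
    (datetime(2024, 3, 1, 9, 5), "ws-014", H_TOOL, r"C:\Tools\zip.exe", "clean"),
    (datetime(2024, 3, 2, 14, 30), "ws-022", H_DOC, r"C:\Temp\invoice.pdf", "unknown"),
    (datetime(2024, 3, 6, 8, 0), "ws-031", H_DOC, r"C:\Temp\invoice.pdf", "malicious"),
]
# Latest intelligence (verdict, time of last update): H_DOC was reclassified on 5 March.
INTEL = {
    H_DOC: ("malicious", datetime(2024, 3, 5, 12, 0)),
    H_TOOL: ("clean", datetime(2024, 3, 1, 0, 0)),
}


def retrospective_scope(sightings, intel):
    """Find files admitted earlier whose verdict has since become malicious."""
    scope = defaultdict(lambda: {"first_seen": None, "hosts": {}, "dwell": None})
    for ts, host, sha, path, verdict_then in sorted(sightings):
        verdict_now, updated = intel.get(sha, ("unknown", None))
        # Blocked at entry, or still not known to be bad: nothing to look back on.
        if verdict_then == "malicious" or verdict_now != "malicious":
            continue
        entry = scope[sha]
        if entry["first_seen"] is None:
            entry["first_seen"] = ts
            # Time the file sat on the network before intelligence caught up.
            entry["dwell"] = updated - ts
        entry["hosts"].setdefault(host, []).append(path)
    return dict(scope)


if __name__ == "__main__":
    for sha, info in retrospective_scope(SIGHTINGS, INTEL).items():
        print(f"{sha[:12]}... first seen {info['first_seen']}, dwell {info['dwell']}")
        for host, paths in info["hosts"].items():
            print(f"  quarantine on {host}: {', '.join(paths)}")
```

The output is the scope of the incident: which hosts hold the file, where, and how long it was present before the verdict changed. The sighting on ws-031 is left out because the file was already blocked there at entry.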

New threats and new technologies are coming together to bring a new perspective to security. Just as rear view and side view mirrors were added to automobiles when the time was right, the time is right now for IT security to include retrospective security.

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.