Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Objects in the Mirror are More Damaging than They May Appear

Retrospective Security Serves as a ‘Mirror’ and Enables a New Level of Security Effectiveness…

Retrospective Security Serves as a ‘Mirror’ and Enables a New Level of Security Effectiveness…

Virtually every vehicle these days comes equipped with a rear view mirror and side view mirrors, and with good reason. Imagine the safety issues with no visibility. How would you know if there’s a pedestrian walking by as you pull out of parking space? Or a police, fire or rescue vehicle coming up from behind, responding to a call? Or another driver trying to pass you? Talk about a blind spot!

It wasn’t always this way though. For the first 30 years, gas powered automobiles operated without mirrors. They weren’t even a consideration. With no congestion and slow speeds, drivers could focus on the road ahead, avoid obvious hazards and remain fairly safe. But as the automobile became more popular and more powerful, new dangers emerged and lack of visibility became a challenge. Rear view and side view mirrors were developed and quickly became ‘must haves.’

Retrospective security We’re at a similar inflection point in the IT security industry. When the first PC viruses appeared nearly 25 years ago, defenders could protect against them by detecting and blocking files as they attempted to enter the network. But now threats have evolved and are more cunning than any we’ve experienced before – able to disguise themselves as safe, pass through defenses unnoticed, remain undetected and later exhibit malicious behavior. Focusing only on what’s ahead (i.e., scanning files once at an initial point in time to determine if they are malicious) is no longer sufficient. Once files enter a network, most security professionals have no way to look back. Without ‘mirrors’ they can’t continue to monitor files and take action should the files later prove to be malicious.

So how can you gain visibility and control after an unknown or suspicious file has permeated the network? Retrospective security serves as those ‘mirrors,’ enabling a new level of security effectiveness that combines retrospective detection and remediation with up-to-the-minute protection. IT security staff can continue to track, analyze and be alerted to files previously classified as safe but subsequently identified as malware and then take action to quarantine those files, remediate and create protections to prevent the risk of reinfection.

Key technologies have advanced to enable retrospective security. The first is big data analytics. Emerging with the explosive growth of data, storage and processing power, big data is a term used to characterize massively large data sets ranging in terabytes or petabytes. Retrospective security accesses big data and turns that data into information for automated actions as well as actionable intelligence that IT security teams can use to make more informed, timely security decisions after an attack.

Cloud computing is another powerful new tool to enable retrospective security. Leveraging the virtually unlimited, cost-effective storage and processing power of the cloud, retrospective security applies big data to continuously track and store file information across a widespread community and analyze how these files are behaving against the latest threat intelligence stored in the cloud.

Armed with this knowledge IT security staff can rapidly identify a file that begins to act maliciously and move quickly to understand the scope of the damage, contain the threat, remediate it and bring operations back to normal. They can also move forward with more effective security by automatically updating protections and implementing integrated rules on the perimeter security gateway, within security appliances protecting internal networks and on endpoints to detect and block the same attack.

New threats and new technologies are coming together to bring a new perspective to security. Just as rear view and side view mirrors were added to automobiles when the time was right, the time is right now for IT security to include retrospective security.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...