Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Zero-day Threats Call for Integrated Security and a Few Good Combat Metaphors

Spring has arrived, so a baseball metaphor like “cover your bases” might be in order, but cybercriminals aren’t playing games. They’re attacking organizations with everything they’ve got. With that in mind, when recommending ways to detect and block zero-day attacks, the language of cyber-warfare seems more appropriate.

Spring has arrived, so a baseball metaphor like “cover your bases” might be in order, but cybercriminals aren’t playing games. They’re attacking organizations with everything they’ve got. With that in mind, when recommending ways to detect and block zero-day attacks, the language of cyber-warfare seems more appropriate.

The enemy may use extremely devious methods of attack, or they might hide in plain sight. But what their advanced threats have in common today is that they’re new, or modified enough to look new and slip past more traditional defenses.

The reality is that you can’t just rely on a single defense or a silver bullet. While individual products and technologies are important weapons, they operate in a silo and lose sight of the bigger picture. What’s really needed is a fast and fully integrated platform comprising multiple sophisticated technologies—a platform that can assess threat levels, and leverage contextual information shared from other products to take decisive, proportionate action in response to each attack. To make that integrated platform a reality, consider using a layered, three-pronged plan of attack.

Silver Bullet - Not with IT Security

1. Guard the perimeter as if your life depended on it

Defend the network edge by making the most of firewalls, intrusion prevention systems (IPS), web gateways, and other conventional network security solutions—and, by all means, keep them up to date. Not so long ago, this was enough to keep your organization secure. In particular, you could depend on the effectiveness of signature-based technologies alone. But that was before a smarter breed of hackers learned to penetrate those systems by creating new variants and use stealthy techniques to avoid detection in most of today’s security infrastructure. To detect and block zero-day attacks, today’s security technologies must be capable of efficiently detecting these avoidance tricks, as well as determining the safety of an unknown executable even if its signature has never been seen before. This requires an arsenal of signatureless detection capabilities that work together to analyze code behavior, traffic behavior, and reputation. The solution must intelligently extract faint threat signals from the normal noise of network activity to minimize false positives and trigger suitable defense responses.

2. “Know the enemy and know yourself…”

The quote is from Sun Tzu and The Art of War. Live by his words and you “need not fear the result of a hundred battles.” His advice still rings true even after 2,500 years. However, the problem today is rather than a hundred battles, we’re talking thousands—every day.

Knowing today’s enemy requires deep analysis of anything resembling a serious threat, and given the mind-numbing increase in advanced malware, one of the most effective methods deployed these days is sandbox technology. These products provide an in-depth analysis of unknown files and code by evaluating them in a secure environment. Unfortunately, malicious actors have figured out how to avoid detection in most of today’s sandboxing products. Therefore, beyond observing behavior, sandboxes must be able to broaden detection capabilities for highly camouflaged, evasive threats. Additionally, sandboxes must be able to feed critical threat data to solutions that can take immediate action. In essence, ensuring sandboxes are part of the fully integrated platform mentioned above is critical to maximize detection and reduce security related incidents.

3. Build a security apparatus based on pre-emptive self-defense

Modern security systems must have the integrated intelligence to detect and contain dangerous threats before breaches occur. What’s more, they must be able to differentiate serious threats from those that can be easily dispatched or ignored. There has to be a way for all security control elements to quickly leverage the strengths and experiences of the others around them. In that regard, I’m talking about sharing intelligence not just between hardware and software but among humans as well. In this battle, every possible advantage must be brought to bear. Global, local, and third-party threat intelligence and organizational knowledge must come together to detect and deter our common enemy.

Keeping pace with the evolving threat environment is never going to be easy. The only way to stay current and effective is to evolve ourselves—constantly integrating, coordinating, and improving our technologies and our collective efforts. We need to do everything in our power to stay one step ahead of those who want to cash in or cause us harm. In other words, every day, we need to be more dedicated and smarter than they are.

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...