How to prevent Known and Unknown Cyber Attacks

Posted on September 1, 2014 12:08 am

Every now and then we hear a lot of talk in the security sector and among research organisations about the threats the world is facing from phishing, viruses, malware, advanced persistent threats, zero-days, targeted attacks, worms, Trojans and Distributed Denial of Service attacks, to mention but a few. To be precise, there are two fundamental types of threats: known and unknown. Known threats are the ones which security tools are designed to detect and protect against. Still, successful attacks by known threats happen, and there is room for improved protection. Traditionally, static defences quickly lose touch with the environment they are meant to protect, reducing their effectiveness. A security expert I spoke to a few weeks back informed me that most lack real-time network visibility to be aware of changes to the IT environment and adjust defences accordingly. Also lacking, interestingly, are the ability to detect polymorphic files that change just enough to fool signature engines and the ability to share intelligence with other security tools.

Recent studies have shown that attackers have learned how to find and anticipate gaps in protection and evade detection. Using real-time visibility, big data analysis and community intelligence to connect traditionally disparate technologies is what makes it much easier to defend modern networks against modern attacks. When it comes to unknown threats, the security expert revealed to me how they pose an even greater challenge for defenders. These complex threats stealthily evade detection, moving through an environment to reach the target and establishing a beachhead for subsequent attacks. Traditional, point-in-time detection tools can mitigate some risk, but they do not and cannot continue to track files in order to retrospectively detect, understand and stop threats that initially appear to be safe but later exhibit malicious behaviour. The job of IT security professionals is to protect the organisation against both types of threats. While it is a challenge, it is not insurmountable. Various advanced technologies can make intrusion prevention systems smarter and malware protection more efficient. They include big data analytics, contextual awareness and collective security intelligence, all working together.

Nowadays extended networks include endpoints, mobile devices, virtual environments and data centres. Attackers often know more about these networks than the network owners do, and they use that knowledge to their advantage. Researchers have long argued that to be effective, security tools need complete contextual awareness of the dynamic environment they protect. Smarter security solutions use the data related to the specific environment, together with automation, to help IT security professionals make more informed and timely security decisions. To effectively protect an organisation against known and unknown threats, malware protection and IPS must work together, in a continuous fashion, to secure networks, mobile devices, endpoints and virtual machines. Other studies point out that visibility into file activity is equally important: knowing a file's heritage, behaviour and network trajectory provides additional context, or indicators of compromise.

This helps to determine malicious intent and impact, and it accelerates remediation. Security has become a big data problem. There is a need for technologies that tap into the sophisticated analytics of large data sets and clouds to deliver the insights needed to identify more advanced, highly targeted threats. The virtually unlimited, cost-effective storage and processing power of the cloud allows an organisation to store and monitor information about unknown and suspicious files across the entire IT environment and beyond. Security tools that use a telemetry model to continuously gather data across the extended network, and then apply big data analytics to it, help to detect and stop malicious behaviour even after a threat has passed through the initial lines of defence. A fellow coder told me that this deeper level of analysis identifies threats based on what the file does and not what it looks like, enabling detection of new, unknown types of attacks.
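To make the three ideas above concrete (a polymorphic variant slipping past a hash-based signature engine, a behaviour-style engine judging the file by what it carries rather than what it looks like, and a telemetry store that lets a later verdict be applied retrospectively to every host that already saw the file), here is a small added example. It is illustration code written for this page, not code from any of the products or studies mentioned; the sample bytes, indicator strings, rule names and host names are all constructed, and the "behaviour" engine is approximated by static indicator matching rather than real execution.

```python
"""Added example (not from the original post): signature miss vs behaviour match,
plus retrospective detection from file telemetry. All data here is constructed."""
import hashlib
from collections import defaultdict

# Constructed stand-in for a malicious file. The indicators it carries are
# hypothetical and chosen only to drive the behaviour rules below.
BASE_SAMPLE = (b"MZ\x90\x00 fake-header "
               b"CreateRemoteThread "
               b"http://c2.example.invalid/beacon")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_polymorphic_variant(sample: bytes, seed: int) -> bytes:
    """Append a seed-derived junk tail: same behaviour, different hash."""
    junk = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    return sample + b"\x00" * 16 + junk


class SignatureEngine:
    """Knows only the exact hashes of samples it has already seen."""

    def __init__(self, known_hashes):
        self.known = set(known_hashes)

    def is_malicious(self, data: bytes) -> bool:
        return sha256(data) in self.known


# Hypothetical rules keyed on what the file does, not on its exact bytes.
BEHAVIOUR_RULES = {
    "remote_thread_injection": b"CreateRemoteThread",
    "beacon_to_c2": b"/beacon",
}


class BehaviourEngine:
    def matched_rules(self, data: bytes):
        return sorted(name for name, needle in BEHAVIOUR_RULES.items()
                      if needle in data)

    def is_malicious(self, data: bytes) -> bool:
        # Require two independent indicators to keep false positives down.
        return len(self.matched_rules(data)) >= 2


class Telemetry:
    """Records every file sighting with the verdict given at the time, so a
    later verdict change can be pushed back to every host that saw the file."""

    def __init__(self):
        self.sightings = defaultdict(list)   # sha256 -> [(host, path), ...]
        self.verdicts = {}                   # sha256 -> "clean" | "malicious"

    def record(self, host: str, path: str, data: bytes, verdict: str) -> str:
        h = sha256(data)
        self.sightings[h].append((host, path))
        self.verdicts.setdefault(h, verdict)
        return h

    def retrospective_update(self, h: str, new_verdict: str):
        """Flip the stored verdict; return hosts that previously got 'clean'."""
        old = self.verdicts.get(h)
        self.verdicts[h] = new_verdict
        if old == "clean" and new_verdict == "malicious":
            return sorted({host for host, _ in self.sightings[h]})
        return []


def run_scenario() -> dict:
    """Walk through the whole story and return the facts worth checking."""
    variant = make_polymorphic_variant(BASE_SAMPLE, seed=7)
    sig = SignatureEngine([sha256(BASE_SAMPLE)])   # signature for the original only
    beh = BehaviourEngine()
    tele = Telemetry()

    # Point-in-time check at the perimeter: the variant is let through as clean.
    first_verdict = "malicious" if sig.is_malicious(variant) else "clean"
    for host in ("host-a", "host-b", "host-c"):            # constructed hosts
        h = tele.record(host, r"C:\Users\Public\update.exe", variant, first_verdict)

    # Later, deeper analysis of what the file does changes the verdict, and
    # telemetry tells us exactly where it already landed.
    hosts_to_remediate = []
    if beh.is_malicious(variant):
        hosts_to_remediate = tele.retrospective_update(h, "malicious")

    return {
        "original_hash": sha256(BASE_SAMPLE),
        "variant_hash": sha256(variant),
        "signature_catches_original": sig.is_malicious(BASE_SAMPLE),
        "signature_catches_variant": sig.is_malicious(variant),
        "behaviour_rules": beh.matched_rules(variant),
        "behaviour_catches_variant": beh.is_malicious(variant),
        "hosts_to_remediate": hosts_to_remediate,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point of the scenario is the last field: because every sighting was kept, the verdict change produced by the behaviour engine turns into a concrete remediation list instead of a new alert that only covers files seen from now on. A real deployment would key sightings on more than a hash (parent process, origin URL, first-seen time) to reconstruct the file trajectory the post mentions.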

Contador Harrison