They say imitation is the sincerest form of flattery—and we agree! Today we saw other endpoint security vendors promote their “streaming prevention.” Well we say “welcome to the club guys,” because this isn’t a new technology.
As global cyber security attacks intensify and attackers continue to grow in sophistication, the industry faces increasing challenges in the years ahead. Following are some of my predictions on what we can expect to see in the cyber security protection landscape in 2017—both in terms of industry trends and rising threats:
Gartner has been the most vocal about the need for a process shift, advocating what it calls an “adaptive malware security architecture.” The idea is to balance efforts among attempting to predict when a breach will occur, preventing the ones you can, detecting what a successful attacker has done on the endpoint, and ultimately responding to the attack in some way. You need to be doing all of these, all the time, with a variety of technologies, so you can respond appropriately.
“How you protect yourself from a shotgun blast is very different than how you protect yourself from a sniper’s bullet,” says Neil MacDonald, VP distinguished analyst at Gartner.
Let’s look at a real-world example of why you need change now, before you get stuck in the quicksand of a disastrous endpoint breach your prevention tools missed.
The SANS study asked respondents what percentage of their incident response processes are automated through the use of purpose-built tools for remediation workflow. Just 16% automate more than 51% of incident response tasks. No wonder attackers go undetected for months or even years. And, no wonder we can’t deliver even the most fundamental answers to what happened in a breach.
Automation tends to spook IT professionals. But you should be more afraid of what happens without it. We discuss automation in depth in our 2014 DevOps Survey report. DevOps is all about automation, and it can be a boon for security. It opens up architectural discussions and forces entrenched IT constituencies into a mature process, getting people to trust in repeatable and reliable automated processes.
Given the endless game of whack-a-mole that is IT security, it makes sense that, as anti-virus effectiveness waned, security software vendors moved to network-level prevention. The idea: we won’t need to scramble to keep malware off endpoints if we can block the exploit or malware at the email server or web gateway.
From network-based anomaly detection to advanced sandboxing, these tools flooded the market and worked great — for a while. As they always do, attackers adjusted, adding new techniques, such as encryption and fast-flux DNS. It is an arms race, after all. Some attackers started to obscure their exploits, hiding in plain sight by blending with innocuous network traffic. Others simply stopped aiming at the network. No network traffic means no results from network detection tools.
Rest in peace, antivirus tools. You had a good run for a security technology — 1987 to 2014.
In case you missed it, in May, Symantec called time of death for antivirus software. It did so not because AV technologies suddenly became less effective. Rather, the company finally acknowledged that it’s not a matter of if, but when, an organization will be targeted and that antivirus products will stop only some attacks. Plenty of security bloggers and pundits reacted with glee, given that antivirus software reportedly represents 40% of Symantec’s revenue.
Defense in Depth is touted in the security industry daily. Every engineer learns about the concept in university and countless whitepapers will expound that it can save your butt when an attack occurs.