Attackers are always looking for new vulnerabilities to exploit in technologies with large-scale adoption, or they use, create, or modify malware that changes just enough to evade known detection methods as it propagates through a corporate network. The same malware or vulnerability is rarely reused after public discovery. The identification and sale of new vulnerabilities is a high-revenue enterprise, as is the sale of malware kits that can be customized and used as weapons against unsuspecting organizations. Cybercrime is a high-growth industry, and its players are only getting better organized and their attack methods more elaborate.
The defenses widely in use today are limited to technology that is overly reliant on what is already known and unable to adapt when attackers change their patterns or find easier ways to sneak onto our networks undetected. The headline-grabbing hacks of 2014 — Home Depot, JP Morgan Chase, eBay — only serve to highlight this fact.
As I look at these recent examples of cybercrime and look forward to 2015, it’s perfectly clear: deflecting adaptive attacks requires adaptive defenses, and this basic tenet is what guides the focus of Guidance Software EnCase security products as we continue to build upon our market-leading, next-generation endpoint security technology.
So the challenge is significant, and it is further compounded by the high number of information security alerts fired off — hundreds of thousands to millions a day — and the limited staff available to prioritize, evaluate, and respond to the alerts that pose the greatest risk to sensitive data. Our adversaries have time and automation on their side, enabling a single attacker to attempt to break into the network hundreds or thousands of times in a single day. An attacker only needs to be right once, while the defender must be right every single time.
Automation: The fastest way to arrest an attack in progress
Given the high volume of daily events, which can only be assumed to increase in 2015 if the past is any indication, fending off adaptive attackers requires response automation to validate, assess, and remediate high-priority events before damage can be done. Guidance Software works with leading detection and event management technology, such as CEIC 2015 Gold Sponsors HP ArcSight, Cisco SourceFire, and Intel Security, to automate the time-sensitive steps of the incident response process — delivering real-time insights from your endpoints and eliminating time spent on after-the-fact data collection. We look forward to adding more detection partners and integration points throughout 2015 to ensure that, no matter what you have in place for detection or event aggregation, you have the means to automate and streamline your incident response process.
I suspect that in the coming year we will hear a lot more about these two requirements and potential solutions, not only from vendors but also from the analyst community and information security professionals who have realized the insanity of using the same approach over and over while expecting different or improved results. Case in point: Chris Sherman, Security and Risk Analyst at Forrester Research, shares Forrester’s views on endpoint security in 2015 in the webinar “2015 Endpoint Security Predictions and Key Winning Strategies,” which I invite you to check out.
I’m excited to be at Guidance Software as we enter 2015 energized to meet the challenges posed by today’s digital adversaries, helping our customers implement adaptive endpoint security and automated incident response capabilities designed to meet the challenges of a persistent and adaptive adversary.