Posted by - Robert Erwin
If you’re going to Black Hat in Las Vegas this year, you are likely to encounter many claims about “stopping more threats” as you stroll through the Mandalay Bay exhibit halls. This commitment to prevention makes sense: our mission as security vendors is to limit our customers’ risk exposure by keeping users off infected sites and blocking inbound threats. But regardless of the claims, and everyone’s well-intentioned objectives, the harsh reality is that no solution is able to stop every single threat. As Gartner puts it, “Malware is already inside your organization; deal with it!”
Unfortunately, dealing with active network infections has not been top of mind for some organizations, not to mention some security vendors. Of course, blocking threats is important; it’s just that 100% prevention is impossible. Clearly a mind shift is needed. As Gartner noted in a research report, “organizations must assume they are compromised, and, therefore, invest in detective capabilities that provide continuous monitoring for patterns and behaviors indicative of malicious intent.” [1] This means that in the unfortunate event an APT gets into your organization and tries to contact command and control outside in order to steal data, you must have the ability to distinguish these nefarious communications from your normal traffic, and act quickly to mitigate the problem and avoid costly data loss.
Yet, evidence to the contrary aside, many security providers don’t want to admit that blocking 99% just doesn’t cut it, and IT departments don’t want to accept that their networks may be compromised. At iboss, we think the key is to continue blocking as many advanced threats as possible, while also focusing on detecting and responding to existing infections. What’s required, and what we will be discussing at Black Hat, are three essentials that, when combined with inbound threat protection, deliver the data security today’s organizations need:
- Behavioral anomaly detection, also referred to as baselining, allows you to detect outbound data anomalies and stop traffic mid-stream to prevent data loss
- Continuous monitoring to detect threats and reduce dwell time
- Sandboxing for in-depth analysis of APTs
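To make the first two essentials concrete, here is an added example (not iboss code, and not part of the original post) of outbound-volume baselining combined with continuous monitoring. It learns each host’s typical per-window egress and known destinations from constructed flow records, then scores a later window: a host is flagged when its egress exceeds mean + k·stdev, or when it starts talking to a destination never seen during the learning period. Host names, the window layout, the threshold k and the 198.51.100.23 documentation address are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic): (window, src_host, dst, bytes_out).
# Windows 0-11 are the learning period; window 12 is the one being scored.
FLOWS = []
for w in range(12):
    FLOWS.append((w, "ws-01", "mail.example.internal", 40_000 + (w % 3) * 5_000))
    FLOWS.append((w, "ws-01", "cdn.example.internal", 120_000 + (w % 4) * 10_000))
    FLOWS.append((w, "ws-02", "mail.example.internal", 30_000 + (w % 2) * 3_000))
# Scored window: ws-01 behaves normally; ws-02 pushes far more than usual to a
# never-seen host (RFC 5737 documentation address, constructed for the example).
FLOWS.append((12, "ws-01", "mail.example.internal", 45_000))
FLOWS.append((12, "ws-01", "cdn.example.internal", 130_000))
FLOWS.append((12, "ws-02", "mail.example.internal", 31_000))
FLOWS.append((12, "ws-02", "198.51.100.23", 900_000))


def per_window_totals(flows):
    """Aggregate bytes_out per (host, window) and collect each host's destinations."""
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for window, host, dst, nbytes in flows:
        totals[host][window] += nbytes
        dests[host].add(dst)
    return totals, dests


def build_baseline(flows, learn_windows, stdev_floor=0.05):
    """Per host: mean and population stdev of per-window egress, plus known destinations.

    A host with perfectly constant traffic would have stdev 0 and fire on any increase,
    so the stdev is floored at a fraction of the mean (assumed value, tune per deployment).
    """
    learn = [f for f in flows if f[0] in learn_windows]
    totals, dests = per_window_totals(learn)
    baseline = {}
    for host, by_window in totals.items():
        series = [by_window[w] for w in sorted(by_window)]
        avg = mean(series)
        baseline[host] = {
            "mean": avg,
            "stdev": max(pstdev(series), stdev_floor * avg),
            "dests": dests[host],
        }
    return baseline


def score_window(flows, window, baseline, k=3.0):
    """Return findings for `window`: egress above mean + k*stdev, or unseen destinations."""
    current = [f for f in flows if f[0] == window]
    totals, dests = per_window_totals(current)
    findings = []
    for host, by_window in totals.items():
        observed = by_window[window]
        base = baseline.get(host)
        if base is None:
            # A host that never appeared during learning has no baseline at all;
            # surface it rather than silently skipping it.
            findings.append((host, "no baseline for host", observed))
            continue
        if observed > base["mean"] + k * base["stdev"]:
            findings.append((host, "egress above baseline", observed))
        unseen = dests[host] - base["dests"]
        if unseen:
            findings.append((host, "new destination", sorted(unseen)))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(FLOWS, range(12))
    for finding in score_window(FLOWS, 12, baseline):
        print(finding)
```

In practice the learning windows would be rolled forward continuously so the baseline tracks legitimate change, and a finding would feed an enforcement point that can cut the session mid-stream; here the function simply returns the findings so they can be inspected.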
iboss experts will be presenting information on these topics and more at Black Hat, so be sure to stop by our booth:
- Data Visibility vs. Network Visibility – Why Both are Critical
- The High Cost of Unseen Ports
- Malware is already on your network - deal with it
- Securing the Mobile Stack
- Data Anomaly Baselining – Why Sandboxing alone is not enough
- SSL traffic inspection - Dealing with scenarios where decryption is not an option
Register for Black Hat Today
[1] Malware is Already Inside Your Organization; Deal With It. Peter Firstbrook and Neil MacDonald. Gartner, February 12, 2014.