By Patrick Grillo
If security controls cannot detect malicious software (malware) during this period, then it’s a matter of time before you become a statistic.
A deeper, more comprehensive approach is needed to counter these increasingly sophisticated attacks. Overall network security draws on a broad set of advanced and traditional tools, but here is a simple framework for combating APTs:
Prevent the known threats: much malware is already known. Cybercriminals might be highly creative, but they exhibit the same human flaw shared by us all: laziness. Last year nearly a quarter of malware was more than 10 years old, and almost 90 percent had been discovered before 2014.
Known threats should be blocked immediately through the use of next-generation firewalls, secure e-mail gateways, endpoint security and other similar products leveraging highly accurate security technologies. Doing simple things, like keeping security patches up-to-date, and continually testing and retesting the security of your information-technology infrastructure, are the building blocks of a strong network.
Detect the unknown: Many new approaches can detect previously unknown threats and create actionable threat intelligence. Sandboxing allows potential malware to be handed off to a sheltered environment so its full behaviour can be directly observed without affecting production networks. But sandboxing alone is no panacea: attackers figure out how sandboxes work and then find ways around them. That’s why it’s important to stay updated: just as criminals evolve, your system needs to evolve too.
Mitigate, by taking action: Preventing threats from entering the network is the first priority for any security system. But a clear detection and remediation process is key for when, not if, they get in.
It’s not one particular technology that’s the key to Advanced Threat Protection (ATP), but the notion of the integration and collaboration between them. ATP relies on multiple types of technologies, products and research, each with different roles and each working in concert with one another.
We can expect to see continued cybercriminal innovation with an even greater focus on deceiving and evading existing solutions. While there is no “silver bullet,” deploying a multilayered approach with established and emerging technologies will help break the kill chain of APTs.
****
Patrick Grillo is Senior Director of Product Strategy at Fortinet Inc., a Sunnyvale, California-headquartered American multinational corporation that sells high-performance network-security products and services. The views expressed in this abridged version of Grillo’s article do not necessarily reflect those of the Businessmirror.