Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Monday, June 25, 2012

Zero Day, Negative Day Defenses

The buzzwords in anti-malware technology are all about getting your organization protected before something bad happens, especially in this day and age when malware attacks are short-lived and there isn't much time for a "signature" to be written to protect your users.

That's why anti-malware vendors are trying to get ahead of the game with so-called "zero-day" defenses, where they use heuristics, fuzzy logic, and other technologies to detect new viruses when they arrive on your doorstep.

There's a new term out there now, "negative-day" defense, which refers to blocking websites that are hosting malware before those websites get used in an attack. It turns out there are lots of websites in existence at any given time that host malware but aren't actively being used in an attack.  These are referred to as malware delivery networks, or malnets for short.  Apparently cyber-criminals keep these malnets around as an infrastructure for their cyber attacks.  So when they do launch an attack, say on a popular website, and embed malware links in it, those links point back to the existing servers hosting malware in these malnets.

Blue Coat Systems is tracking malnets using its WebPulse cloud technology, and users of this technology get to block malnets before they are used in a live attack.  Based on its statistics, Blue Coat determined that approximately two thirds of all attacks in 2011 delivered their malware through malnets that Blue Coat was already aware of.  Blue Coat describes malnets and specific cases in its 2012 Web Security Report, including the case of the Urchin attack, which lasted only 10 days, and in which only 4 out of 44 anti-malware vendors were able to produce a signature by the time the attack ended.  Blue Coat customers were protected both before and during the attack, because Blue Coat was already blocking the malnet used to host it.

In its prediction for 2012, Blue Coat expects malnets to continue to be used in cyber attacks, and blocking known malnets seems like an easy way to protect yourself from at least a good portion of attacks on the web.

Monday, June 18, 2012

Is BYOD worrying you yet?

Among the latest buzzwords in the IT industry is the phrase BYOD.  It stands for Bring Your Own Device and refers to the burgeoning number of devices that employees are bringing into the office from home and attaching to the organization's network.  It includes tablets, smart phones and home laptops.  One analyst group estimates that the average employee will own seven internet-connected devices by 2015.

If the security risk of putting non-corporate-owned devices on the network hasn't got you worried, think about the increased traffic trying to reach the internet.  If each employee had only one device today and will have seven by 2015, that's a significant increase in the bandwidth your infrastructure has to provide.

And of course we shouldn't toss aside security so quickly.  Since these devices aren't subject to any mandates from the corporate IT department, and have been attached to networks other than the corporate ones, they're likely targets for malware, not to mention sources of data loss.

The other fun statistic I saw recently was that it's estimated the average smartphone has 65 applications installed on it.  That's an incredible number.  Who has time to use 65 different applications?  And what if any controls does the corporate IT department have over what applications can do and access?

So if you haven't started a BYOD initiative in your IT department, it's really time you did.  It's about more than just web gateway security issues, but that's not a bad place to start.