
IT security today - prevention just 25% of the picture


Johannesburg, 31 Jul 2014
James Stevenson.

IT security teams need to re-balance their budgets across four key disciplines: prevention, predictive-based intelligence, rapid detection capabilities, and rapid resolution and retrospective capabilities, says James Stevenson, EMEA Security director for Blue Coat's Advanced Threat Protection Group.

"Currently, enterprises are still heavily reliant on preventative and predictive capabilities, but they are lacking stages three and four - rapid detection and remediation capabilities," says Stevenson. "Just look at the attackers' window of opportunity - the time of initial breach to detection."

He notes Verizon* says currently only 15% of attacks are discovered in days or less; compare this to 30% the previous year, indicating a decline in our ability to rapidly detect attacks. "This is partly due to the fact that traditional technology is alert to known threats, but cannot respond to unknown threats. And there is always a delay between the arrival of new malware in the wild and the anti-virus community's ability to get a sample and build an AV tool to block it. We need to close this lengthy window of opportunity."

Illustrating his point, Stevenson says Blue Coat recently tracked a new malware sample first spotted on 10 July. "We sandboxed it in 45 seconds, then tracked the anti-virus community's capabilities. On day one, only one of over 50 top vendors had flagged it as malicious. Eleven days later, around 35 vendors had detected it. This shows just how easily new malware can bypass AV capabilities."

BCS advanced threat protection diagram.

Rapid detection and remediation is a growing focus area, as vendors and enterprises see the shortcomings of traditional preventative security, says Stevenson. He notes Gartner* says while only 10% of security budgets are currently assigned to rapid detection and rapid remediation, it expects 75% of budgets to be assigned to this in the next six years.

"This illustrates the shift in focus that is needed," says Stevenson. He points out that Blue Coat is ahead of this trend, having made a range of acquisitions necessary to bring to market an integrated portfolio of solutions addressing all four crucial IT security disciplines. "Our approach is a holistic one, in that it encompasses the entire ATP life cycle. We have secure gateways, and should anything get through the prevention stage, we can automatically sandbox them, analyse them and then understand the root causes of infection." Stevenson also notes that integration of these key components is important. "Without integration, you have data silos where information is not shared with all separate technologies, so you're not getting full value from each of these technologies."

Stevenson, who joined Blue Coat with its acquisition of Solera last year, says he is excited to now be involved in a company able to operate across the entire advanced threat protection life cycle. "Now we can deliver rapid resolution, analytics, detection and malware analysis, with a vendor-neutral approach that allows us to reinforce customers' existing investments," he says.

Blue Coat will outline the global IT security threat environment and demonstrate Blue Coat's Advanced Threat Protection solutions at an upcoming seminar to be staged in Johannesburg and Cape Town.

*Gartner Top Security Trends and Takeaways for 2014
*Verizon Data Breach Report 2014

Editorial contacts

Tracy Burrows
Blue Coat
(011) 807 3294
tracy@itweb.co.za