Document exchange poses threats

By Admire Moyo, ITWeb's news editor.
Johannesburg, 20 Mar 2015
Anti-virus is fast but only deals with known malware, says Noam Green, product manager at Check Point Software Technologies.

The traditional approach of protecting against infected documents by looking for malware and blocking it does not provide 100% guaranteed protection, as zero-day malware still infects networks.

So says Noam Green, product manager at Check Point Software Technologies, who notes attacks on organisations are constantly growing, and for businesses, any communication or document exchange poses a threat.

"Companies definitely need stronger defences against these attacks."

The traditional methods of document protection include running the document through anti-virus, anti-spam, as well as sandboxing capabilities, says Green.

Joxean Koret, a security researcher at consultancy firm Coseinc, says anti-virus programs often install with high administrator privileges, which lets them perform necessary actions such as scanning the entire document and modifying or removing malicious programs.

However, Koret notes, if an anti-virus program were compromised, it would have extensive power to abuse the computer on which it was installed.

He adds anti-virus programs are just as likely to have flaws, even serious zero-day flaws, as any other program, simply because a human being wrote them. "For example, most anti-virus programs update themselves via insecure HTTP connections, and most of those updates are not cryptographically verified."

Green points out anti-virus is fast but only deals with known malware. He adds that while sandboxing may help in identifying zero-day malware, it is significantly slower.

"Each technique has its advantages and disadvantages, and some malware may evade some of these techniques. It is important to remember the more layers of security you implement, the smaller the risk of getting infected," Green says.

A common technique for circumventing anti-virus is to alter known malware, making it invisible to signature-based anti-virus products.

"While there are best solutions out there, it's a continuous cat-and-mouse game where cyber criminals work hard to evade new technologies, and security companies have to continuously evolve with new technologies to prevent these attacks.

"When it comes to security, the weakest link is usually people - you won't believe how easy it is to trick people into clicking unknown links, or enabling macros on documents."

Check Point has unveiled its Threat Extraction solution, which it says ensures documents are safe.

"Our latest product has been tested with thousands of unknown threats and has reached 100% malware-free documents," says Green.

"Can we guarantee 100% moving forward? Probably not. We can state what our tests have shown using our newest techniques today."

He notes there is a delicate balance between being 100% safe and being able to operate a business.

"Being 100% means cutting all networking communications and essentially moving back to paper and pens. What we at Check Point strive to do is to enable the highest level of security which still enables modern organisations to operate seamlessly. We believe we have the best set of tools to provide that," he concludes.
