
Webinar on dealing with new generation threats

By Allyson Towle
Johannesburg, 08 Aug 2017

A new cyber security paradigm - understanding and blocking advanced threats Webinar

Take this exclusive opportunity to register, free of charge, for the new cyber security paradigm Webinar on the morning of Wednesday, 23 August. In just over an hour you will gain insight into how you can effectively understand and block advanced threats, and learn about the latest ransomware, endpoint detection and adaptive defence 360. Register now for this free-to-attend Webinar.

Josu Franco, strategy and technical advisor at Panda Security, states the following: "With the huge number of digital devices that people use today, there is no way that security administrators can monitor all executables run on the corporate network. Without the help of an advanced cyber security solution adapted to this new reality, companies may feel overwhelmed by the number of devices to manage."

A Gartner report titled "Prevention is futile in 2020: protect information via pervasive monitoring and collective intelligence" predicts what we are currently seeing in the cyber security landscape - an environment plagued by new generation threats that are simply too advanced to be stopped by traditional AV products. Further, Gartner predicts that 80% of endpoint protection platforms will include user activity monitoring and forensic capabilities by 2020.

Until very recently, businesses believed they were well protected by their traditional security products. Unfortunately this isn't the case: in the light of the recent widespread ransomware attacks, WannaCry and Petya, business leaders have begun to realise that traditional approaches are no longer sufficient to prevent the more advanced attacks.

What is also evident is that the likelihood of your organisation being targeted has increased substantially. If you have something digital worth stealing, leaking or ransoming, you are a target. It is important to note that IT security directly affects organisational governance and risk, and as such needs to be addressed at board level, not as a standalone item for IT to 'fix'.

Many organisations have been disappointed by their current antivirus (AV) software and fallen foul of ransomware, and in this you are not alone. Jeremy Matthews, regional manager of Panda Security Africa, explained at the 2016 ITWeb Security Summit why this is the case. He attributes this situation to three key factors: increasingly sophisticated malware; the limitations of traditional AV; and the changing corporate IT environment. This dynamic has created a detection gap, where we see large amounts of malware sitting on the network, with 2% remaining on the network for up to three months before being detected - a measure known as dwell time. This is a clear indication that the traditional AV model is no longer effective.

Ransomware is currently top of mind. However, we are warned that a range of attack variants is affecting South African businesses. There are thought to be twice as many Trojans as ransomware, but they often go completely undetected. Malware authors are employing hard-to-detect methods such as exploits and fileless/malwareless attacks. WannaCry famously used an exploit leaked from the National Security Agency to initiate the attack, allowing ransomware to run on victims' endpoints.

In order to protect against ransomware, it has been recommended that organisations and individuals ensure that their company and personal data is backed up and that they remain vigilant about potentially harmful e-mail attachments and the like. This is sound advice, but it still doesn't cut to the core of the problem: ransomware and advanced persistent threats (APTs) are able to bypass conventional AV software and penetrate your network.

Hope lies in a new security model: endpoint detection and response (EDR) and security information and event management (SIEM).

EDR allows for full visibility, the ability to investigate, and the ability to take remedial action to restore endpoints to their original state, so that organisations can get back to the business of running a business quickly.

Jeremy Matthews, Regional Manager Panda Security Africa.

Panda Security says its EDR solution monitors processes running on the endpoint, looking not just at malware but also at policy violations and anomalous behaviour in goodware. By monitoring these actions, it is able to contain incidents, control the processes and block them where necessary.

According to the Gartner Market Guide for Endpoint Detection and Response Solutions, EDR technology has four key characteristics: detect security incidents; contain the incident at the endpoint; investigate security incidents; remediate endpoints.

SIEM technology, on the other hand, allows for the collection, analysis and presentation of security data. Matthews explains that SIEM software is a real-time, big data solution that provides a means of breaking data up into silos in order to understand it better.

SIEM and EDR technologies are complementary: where EDR collects data, SIEM centralises the storage of all data and analyses it to produce graphics and summaries that are easy to understand and draw conclusions from. Matthews believes that by implementing EDR and SIEM technologies, IT departments can ensure safer and more secure IT security systems that reduce the risk of malware attacks and compliance problems.
