Security stab in the dark

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 01 Nov 2013
All security efforts should be encouraged, though not all have the same effect, says FireEye SA's Deon La Grange.

Adding security layers to protect against known threats still leaves organisations exposed to unknown zero-day attacks and advanced persistent threats (APTs).

So says Deon La Grange, country manager of FireEye SA, who adds that attackers are broadening their reach and no one is safe or immune from becoming a target.

Yesterday, Google announced it is introducing a feature to its Chrome browser that will automatically block malicious downloads. The feature is available in Chrome Canary, and aims to protect against the types of malware that are often installed when a user unsuspectingly downloads a plug-in or screensaver that contains nasty components like Trojans or keyloggers, says Linus Upson, VP of Google.

Google Chrome has four releases - a regular release, a beta release, a dev release and Canary. Canary is the newest release and has not been as well tested as other releases, but includes all the latest tweaks. Once all the bugs are fixed, the release filters down to dev, then beta and, finally, the regular releases.

"In the current Canary build of Chrome, we'll automatically block downloads of malware that we detect. If you see [a message warning of malicious content] in the download tray at the bottom of your screen, you can click 'Dismiss' knowing Chrome is working to keep you safe," explains Upson.

However, La Grange says: "Malware ranges from the voluminous yet relatively benign attacks, like Zeus and Citadel, that are relatively easily detected and blocked, to far more advanced targeted malware such as Stuxnet and Flame. The latter are small in number and specifically designed to go undetected for long periods of time, resulting in significant business impact rather than the random gun-spray methods used by the voluminous attacks.

"I guess the 'devil is in the detail' applies here," adds La Grange. "The security industry as a whole recognises that traditional defence mechanisms, which rely on some form of knowledge of the attack - whether signature-based, list-based, URL filtering, intrusion prevention and detection technologies, and suchlike - are no defence against zero-day attacks and APTs."

He says security vendors are now playing catch-up and are introducing "sandboxing techniques", which allow users to run untrusted apps in a "safe" environment. "But - and it's a big but - unless purpose-built with a hardened proprietary virtualisation detonation technology, these add-on sandbox solutions are easily evaded by advanced malware."

La Grange says it remains to be seen whether organisations can defend themselves against known and unknown attacks proliferating online. "All efforts are encouraged, though not all have the same effect."