Zero Day is every day


Johannesburg, 17 May 2012

Trusted security defence technologies such as firewalls, anti-virus and intrusion detection have failed because they are based on signatures and reputation, and lack real-time analysis.

This is according to Charles Renert, VP of research and development at WebSense, who addressed delegates at this week's ITWeb Security Summit, held at the Sandton Convention Centre.

A Zero Day attack is a threat that tries to exploit vulnerabilities that are unknown to the software developer or others.

“We see some fundamental shifts that have affected the threat landscape. Organisations no longer have brick-and-mortar defences; traditional firewalls cannot completely protect the network against threats coming from the cloud, bring your own device or social media.”

He explained that Zero Day attacks are classified by distinct phases: “There's a lure, which is something that makes the user click a malicious link, a redirect, an exploit kit, followed by dropper or executable content, and then, lastly, data theft.”

He pointed out that lures can include anything from SEO poisoning to YouTube and Twitter scams, free gift offers, targeted e-mail, social profiling, fake surveys and Facebook photos.

“The new paradigm is that, instead of single-phase threat detection, we are moving to multi-threat detection. Security platforms must be able to unify endpoints, network and the cloud, and you need the same level of detection,” advised Renert.

He explained that WebSense has a ThreatSeeker Network that uses real-time intelligence, uniting more than 850 million research points to analyse billions of requests per day from PCs and mobile devices.

According to Renert, advanced analytics work to classify malware, content and data, and combine with unique composite risk scoring to classify malware and content that evade independent analytics.

“We are in a period of transition where the value and potency of attacks are really starting to get stronger.”

He added that, ultimately, there is no quick-fix solution to social engineering attacks, not even with training. “Fundamentally, there is value to reducing the number of security incidents with training. However, I don't believe there's a fundamental fix to that. Social engineers are picking up what is current, and today these change all the time.

“You can do your best to install new programs and protections and enforce training, but protecting against social engineering is not fail-safe.”

Renert added: “We had a partnership with Facebook last year. We have a global view of all links on Facebook and found that 2% of links are malicious, 4% is spam - four million users are impacted by spam daily. More than 200 million malicious actions occur per day.”