Subscribe
  • Home
  • /
  • TechForum
  • /
  • Cyber security is smarter now so there's no excuse

Cyber security is smarter now so there's no excuse

Deep threat intelligence from the dark Web, in real-time, combined with reputational data, gets the most comprehensive information on the threat landscape, says Tallen Harmsen, head of IndigoCube Cyber Security.

By Tallen Harmsen for IndigoCube
Johannesburg, 30 Jan 2018
Tallen Harmsen, head of IndigoCube Cyber Security.
Tallen Harmsen, head of IndigoCube Cyber Security.

Office 365 missed nearly 1 million spam, phishing, and other e-mails in September 2017 that contained malware of 10 million e-mails verified. Of that number, the darkreading.com story continues, about 34 000 were phishing mails, which was not too surprising, but what was a little surprising and even concerning was that around 2 500 of the mails contained malware that was well documented. The security researcher quoted notes that 2 500 is a very small part of the total, around 0,4%, but that it is the most dangerous part and should have been easily netted using simple threat signatures.

And who is to blame for the total 10% of spam, phishing, and malware mails sneaking through? Microsoft or the customer? Both should actually shoulder at least partial responsibility. Users apparently misconfigured their systems and their policies were poor. But Microsoft is said to rely on reputation-based filtering that uses a database that lags today's surge of distributed attacks that involve malware, phishing, spam, and botnets associated with fresh IPs.

Microsoft's solution is particularly reliant on reputation-based filtering. That means their knowledge is only as good as the database. Today's commonly distributed attacks typically involve many fresh IPs so the database cannot pick them up. Tracking new IPs is extremely difficult and only reliable following an attack, which means it's too late.

IP-based filtering is a necessary security layer but it cannot be the only one. That's why we ally that with deep threat intelligence from the dark Web, in real-time, combined with reputational data to get the most comprehensive, up-to-date information on the threat landscape.

It's the only way to get a five-times hash indicator increase, enriched with intelligence from the dark Web, on-demand lookup of five billion files for real-time intelligence, and combined with context for over 10 million hashes historically observed and enhanced with additional intelligence.

The result is that cyber threat prevention benefits through real-time intelligence enrichment.

Had Microsoft used this approach it would have had updated information on new IP addresses associated with distributed attacks. But it's traditional reputational approach simply can't cope in our modern world of evolved cyber attacks. And it's an approach that keeps you a step behind the hackers.

It pays to at least keep pace with the baddies. Missing a million spam, phishing, and malware mails isn't quite keeping pace. Microsoft has undoubtedly remedied the situation. Shouldn't you?

Share

IndigoCube

IndigoCube uses its in-depth experience and expertise in software delivery to enable organisations in the fast-moving digital age to build, secure and run software better using a holistic approach combining skills development, process transformation and the implementation of leading-edge automation technology. It focuses particularly in the areas of business analysis, agile software development, DevOps and cyber security to boost productivity and long-term return on investment.

Editorial contacts

Michelle Oelschig
Scarlet Letter
(083) 636 1766
michelle@scarletletter.co.za
Karen Mostert
IndigoCube
(011) 759 5950
karen@indigocube.co.za