IT security is a fascinating topic because it tends to oscillate between being critically important and being the single most important thing IT and business leaders are working on. Right now, because of high-profile breaches such as Target and Bank of America, it is fair to say it is the top initiative for most companies. The most recent ZK Research IT priority survey shows that security remains the top IT priority again for 2015, as it was for 2014 and 2013. The difficulty for security professionals is that security has evolved rapidly over the past five years. Securing the perimeter is obviously a core task of security teams, but it is not the only point that needs securing. Security needs to extend past the edge of the network.

Perimeter firewalls do a good job today: all the major vendors offer top-quality products that perform well both at keeping bad traffic out of the business and at keeping sensitive traffic from leaving the organization.

However, what happens when the threat doesn’t come through the perimeter? This can happen in many ways. As I pointed out in a previous NWW post, BYOD is opening new ways for malware to circumvent the perimeter. The threats can come in through phishing sites, emailed documents, or a number of other channels. The fact is that no matter how much training is done or how careful a company is, a breach is going to occur.

This raises the question: what should an organization do to protect itself? While the answer isn’t clear, what is painfully obvious is that what we’ve done in the past hasn’t worked and isn’t going to work, so it’s time to think differently about security.

Solving this problem is why Check Point, one of the leading firewall vendors, acquired Hyperwise, a company that offers CPU-level threat prevention, earlier this year. The methods currently used to remove threats are based on remediation after a system is already infected. This was never ideal, but at least it was sufficient when IT operated in a tightly controlled environment. That kind of control has gone the way of the dinosaur, and CSOs need to look at protecting the organization differently.

Today, sandboxing technology is used to detect unknown malware, but most sandbox vendors provide OS-level sandboxing. This means the suspicious file is allowed to download and run inside an isolated operating system so that its behavior can be observed; a verdict comes only after the malware has executed, and malware that recognizes it is in a sandbox can simply behave benignly. CPU-level threat prevention instead blocks the attack at the “pre-infection” stage: rather than waiting for a payload to misbehave, it watches how code executes at the processor level and looks for the exploit techniques used to hijack execution and bypass OS-level security, catching the attack before the malicious payload ever runs on the machine. Because it targets the exploitation stage rather than a known payload, it can stop a variety of zero-day attacks and other unaddressed threats. Check Point is candid that no credible security vendor would claim to solve all security problems, but the company argues that CPU-level threat prevention helps close the widening threat gap and significantly improves the threat catch rate.

Based on many of the security professionals I have talked to recently, there certainly seems to be an understanding that change is needed in security. New security technologies can now offer protection all the way down to the chip level if needed, something that will become increasingly important as malicious traffic continues to find new ways of invading our companies.


Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.