More than three-quarters of security professionals believe that traditional perimeter tools like firewalls and anti-malware are robust enough to combat today’s advanced persistent threats (APTs).
According to a survey of 130 delegates at this year’s Black Hat USA conference, 78 per cent were confident in the strength of traditional technologies, while 22 per cent were not confident.
Philip Lieberman, CEO of Lieberman Software, said: “Our survey reveals that while the majority of organisations are prepared for amateur hackers and low-level criminals, they are completely ill-equipped to deal with today’s advanced attacks.
“Traditional perimeter security products are effective at spotting and stopping known threats, but they can’t keep up with today’s rapidly increasing volume of advanced targeted attacks. The most effective methods for securing yourself from these types of attacks are the use of air-gap networks (machines not connected to the internet) that disconnect systems with sensitive data. Assume that others have already penetrated your network and institute multi-factor authentication and adaptive privilege management to assure that a compromised system is not a jumping off point for an organisation wide attack.”
Fraser Kyne, director of products at Bromium, said that the research is “counter to common wisdom in the industry”.
He said: “Attacks are increasingly sophisticated; and legacy tools are akin to taking a knife to a gunfight. Not only are industry experts and analysts encouraging people to bolster their defences with new technology, but even anti-virus vendors themselves have foretold of the death of anti-virus. One thing is for sure – this statistic will be welcomed by the malware writers.”
Mark James, security specialist at ESET, said: “The concern with an APT is that they are specifically designed to not only be undetected but to remain transparent for as long as possible. 78 per cent seems a high figure and only reinforces the concerns it should raise, unlike generic malware that tries to infect, retrieve data and forward that data as quickly as possible.
“Anti-virus and anti-malware can certainly aid its detection, but realistically the only real way of detecting these threats are consistent and regular data interrogation of all outbound data, along with the very real need to keep not only your operating system up to date, but any applications installed on your systems up to date as well.”
Kyne said that for the “enlightened” 22 per cent, the focus should be on complementing defences with tools that do not rely on the failed approaches of blacklisting, whitelisting or detection in general. “There also needs to be a recognition that people are the perimeter now – so the focus needs to be on protecting the devices they are using” he said.
James agreed, saying that good user education, risk assessment and regular data interrogation will need to go alongside anti-virus and anti-malware solutions if you want to protect the very foundations of a successful company.
Join the IT Security Guru for the next webcast on Thursday 30th October at 11am, where we discuss ‘The Next Great Threat to Security’ and dealing with major flaws https://t.co/V5dWgXcLMY
