This fatalism about zero-day attacks on businesses is entirely unnecessary

This is a contributed piece by Greg Sim, CEO at Glasswall Solutions

Have businesses given up on preventing zero-day attacks? It sometimes feels like it even as the threats increase and the dreaded Locky ransomware returns in a new form after a break during the festive period.

One of the leading cyber-security vendors, FireEye, this year claimed to have discovered “29 of the last 53 zero-day attacks”, which is a strange kind of boast and scant comfort to the victims of the 24 undetected exploits.

Even though the penny seems finally to be dropping that familiar names in anti-virus technology are not going to protect us, many organisations seem to regard extortion via cyber-attack as an inevitable cost of business. Yet there is no need for this defeatism, given the level of protection now available from more innovative vendors using file-regeneration technology.

Zero-day exploits, lest we forget, are unrecognised attacks that come in a form not previously detected, and more often than not are hidden in email attachments until some unfortunate member of staff unwittingly clicks one open, triggering the download of ransomware or a massive theft of data. It is a type of crime that brings criminals serious rewards. One version of the CryptoWall ransomware is reckoned to have generated $325 million in 2015.

Unfortunately, evidence is growing that conventional anti-virus defences are simply redundant as hackers and cyber-criminals become more sophisticated. Analysis by threat intelligence experts Virus Bulletin, for instance, shows that between 2015 and 2016, detection of previously unknown threats by many of the big names in anti-virus technology decreased from a midpoint of around 80 per cent to between 67 and 70 per cent. Even detection of known threats fell from between 90 and 95 per cent to about 90 per cent.

But what really shoots the wheels off the anti-virus industry is the survey’s revelation that some vendors achieved better testing results with their free products than they did with their premium ones. What do these vendors imagine is the point of paying for a premium service that is less effective than the free one?

The Virus Bulletin analysis is no more reassuring about the security solutions specific to email offered by the likes of Kaspersky or Sophos. What appear to be high scores in eradicating spam still leave organisations wide open to zero-day threats, given the huge volumes of emails transmitted by every business on a daily basis. Hackers only need to get lucky once.

Despite this, remarkable claims are made by cyber-security companies. Trend Micro has certification for 99.48 per cent protection against zero-days, “compared with a vendor average of 97.77 per cent”. Mimecast and Symantec both lay claim to 100 per cent effectiveness, while McAfee, asserting that most zero-day threats come from the web, says it can achieve 99.5 per cent effectiveness by adding in-line file and code emulation technology to its web gateway solution.

Whatever the claims, it only takes one attack to devastate an organisation. All these technologies have, for instance, failed to prevent the recurrence of Locky, which is now in a “double-zip” form and often accompanied by the Kovter Trojan, which is left behind to run click-fraud and malvertising even after organisations have paid up.


Surely everyone understands that statements about “100 per cent” effectiveness cannot be substantiated and are not borne out by the analysis? Perhaps, but we don’t have to lapse into fatalism about zero-day attacks.

Innovation and new approaches to security are available that will lock out all malware whether zero-day or an adaptation of what has been previously detected. The fact is that email attachments are now the main vector for attacks on businesses for the simple reason that there are billions in circulation every day and they are essential to everyday operations.

Research from the respected cloud services and threat intelligence company Webroot has, for example, demonstrated that 97 per cent of malware is now unique to a specific endpoint. This renders signature-based security virtually useless, because such heavily customised malware is extremely difficult to detect.

Instead, file regeneration technology keeps every form of malware at the door. It checks that the common file types used by criminals to hide their zero-day exploits conform to the manufacturer’s standard, conducting deep inspection of every email attachment down to the byte level. Within fractions of a second a clean, sanitised version of the file is rebuilt, which the organisation can use without any disruption to business operations.

Instead of throwing up their hands in the air or relying on claims of “100 per cent effectiveness” that they know cannot be fulfilled, organisations can use this kind of technology to regain control, setting their own policies and levels of risk in relation to the requirements of departments or employees. It is a question of only allowing the known good to enter an organisation and being fully confident that the main source of zero-day threats has been completely blocked. This is far more effective than relying on old perimeter anti-virus security, or sitting there waiting to pay up and then dealing with the appalling consequences after the attack has succeeded.
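To make the check-conformance-and-rebuild idea and the “only allow the known good” policy concrete, here is an added illustration for one simple format, PNG; it is example code written for this page, not Glasswall’s product or method. It parses every chunk, verifies each CRC against the specification, keeps only an allow-listed set of chunk types (the allow-list and the sample file are constructed for the demo), and re-serialises the survivors into a fresh file rather than passing any original bytes through.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Allow-list for this demo (an assumption, not any product's policy): the chunks
# a viewer needs plus a few common ancillary ones. Anything else is dropped.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"gAMA", b"sRGB", b"pHYs"}

def iter_chunks(data):
    """Yield (type, payload, crc_ok) for each chunk; raise on structural damage."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body, crc = data[pos + 8:pos + 8 + length], data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk body")
        yield ctype, body, zlib.crc32(ctype + body) == struct.unpack(">I", crc)[0]
        pos += 12 + length

def make_chunk(ctype, body):
    """Serialise one chunk, recomputing its CRC from scratch."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def regenerate_png(data):
    """Rebuild the image from allowed, CRC-valid chunks only; return (clean_bytes, dropped_types)."""
    out, kept, dropped = bytearray(PNG_SIGNATURE), [], []
    for ctype, body, crc_ok in iter_chunks(data):
        if ctype not in ALLOWED_CHUNKS or not crc_ok:
            dropped.append(ctype.decode("latin-1"))
            continue
        kept.append(ctype)
        out += make_chunk(ctype, body)  # re-serialised, never copied verbatim
    if kept[:1] != [b"IHDR"] or kept[-1:] != [b"IEND"] or b"IDAT" not in kept:
        raise ValueError("not spec-conformant after filtering; refusing to rebuild")
    return bytes(out), dropped

def build_sample():
    """Constructed 1x1 greyscale PNG carrying a private chunk and a CRC-damaged one."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grey, no interlace
    bad = make_chunk(b"gAMA", struct.pack(">I", 45455))
    bad = bad[:-1] + bytes([bad[-1] ^ 0xFF])  # flip the last CRC byte
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + bad
            + make_chunk(b"jUNK", b"opaque private payload")
            + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b""))
```

Running `regenerate_png(build_sample())` drops the CRC-damaged gAMA chunk and the unknown jUNK chunk and returns a smaller file containing only IHDR, IDAT and IEND; a real attachment pipeline would apply the same discipline to each supported format and refuse anything it cannot fully parse.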
