Technology white papers – IDGconnect.com


Dennis Oommen (Dubai) - Can IT Security in the Middle East really catch up?

Posted by Company Guidance Software 08/24/2010

The robustness of IT spending in the Middle East has been a welcome silver lining for many global IT vendors, and IT security in particular has seen some of the highest growth. It would be reasonable, therefore, to expect the maturity of regional IT security practitioners to be commensurately high. Whilst there are certainly very talented and skilled individuals in the region, the reality is that, despite adopting modern technologies, many organisations are woefully behind the curve in terms of their overall security posture. Why is this?

  • IT security teams in the region are typically small. Often the responsibility falls on one or two people, who are therefore heavily loaded and barely able to manage day-to-day security operations. (A recent Microsoft Patch Tuesday delivered a bonanza of 14 patches!)
  • IT security is acknowledged as "critical" by management, yet too often we hear echoes of "Why this new-fangled security product? We have anti-virus, don't we?"
  • As elsewhere in the world, security vendors have done a great job of painting their solutions as "the best thing since sliced bread". Unfortunately, most vendors are not bothered about how effectively their solutions are actually used in the region.

Recently, it seemed that if someone sneezed in Asia, someone in Europe caught swine flu. Thankfully, the worst of that epidemic now appears to be behind us. But do we realise that there are literally hundreds, if not thousands, of "epidemic scale" malware families drifting around on that beloved worldwide network we call the internet?

Consider these recent statistics:

  • A Zeus 2 botnet has already infected over 100,000 computers.
  • It has been stated that current popular AV solutions detect less than 19% of malware threats as they emerge, and that after 30 days detection is still only 60%.
  • £700,000 has been lost in the UK to online bank fraud this summer.

What can ME Security teams do?

  • Understand that they need to strike a balance between proactive tools that block threats/raise alerts and those that help respond to an incident.
  • Work smarter by acquiring truly multi-purpose tools that free up time to perform:
      - Root-cause analysis: "How did this happen?" and "What do I need to tweak in my security portfolio or processes to prevent this from happening again?"
      - Proactive scans and sweeps across the network to realistically understand and combat the insider threat.

So what kind of software tools can facilitate this ?

Surprisingly, there are tools that play this "Swiss army knife" role: digital investigative tools. What is even more surprising is that their genesis is not IT security but digital forensics.

The power of such tools comes from the fact that, as forensic tools, they need to be able to view and capture any kind of data on disk or in memory without "interfering" with it in any way. That "data" could be a virus, a bot, spyware, a rootkit, a deleted confidential file, an unauthorised but otherwise "good" piece of software, and so on.

Leading products in this space are capable of:

  • "Forensically viewing" any data on a hard disk anywhere on the network, regardless of operating system.
  • Incident response: reacting rapidly (within minutes) to suspected breaches, attacks or general incidents to collect vital "crime scene" evidence, and giving real "teeth" to the response team by remotely killing malicious processes, wiping suspected malware, etc.
  • "Sweeping" across the network for malicious code, confidential data (DLP) or unauthorised software (games, chat programs, etc.).
  • Creating system baselines and proactively auditing against them to quickly identify any changes, e.g. on bank ATMs.
  • Performing forensic-grade internal investigations covertly to tackle the growing insider threat.
  • Effectively addressing the most sophisticated malware out there today: polymorphic code and advanced persistent threats (APTs), which can typically lie dormant for months without "rearing their ugly heads".
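The baselining-and-audit and network-sweep capabilities listed above are easy to misunderstand as vendor magic, so here is the underlying technique written out in plain Python. This is an added example for this page, not Guidance Software code and not an EnCase API; the directory layout, the tampering scenario and the "known-bad" hash list in `demo()` are constructed for illustration. It records a SHA-256, size and permission bits for every regular file under a root, diffs a later snapshot against that baseline, and sweeps a snapshot for content hashes on an indicator list.

```python
"""
File-integrity baseline, audit and hash sweep.

Added example for the IDGconnect article; not Guidance Software / EnCase
code. Sample paths and the 'known-bad' hash list are constructed.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def _sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large binaries never load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Record hash, size and mode of every regular file under root.

    Keys are root-relative POSIX paths, so a baseline taken on one host can
    be compared against a sibling host (a fleet of ATMs, for example).
    Symlinks are skipped: following them would let an attacker alias a
    benign file into the baseline.
    """
    root_path = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[p.relative_to(root_path).as_posix()] = {
                "sha256": _sha256_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def audit(baseline: dict, current: dict) -> dict:
    """Diff two snapshots; return added, removed and modified paths.

    A file counts as modified if its content OR its permissions changed:
    a mode flip to world-writable is as interesting as a new hash.
    """
    old, new = set(baseline), set(current)
    modified = sorted(
        p for p in old & new
        if baseline[p]["sha256"] != current[p]["sha256"]
        or baseline[p]["mode"] != current[p]["mode"]
    )
    return {"added": sorted(new - old), "removed": sorted(old - new), "modified": modified}


def sweep(current: dict, known_bad: set) -> list:
    """Return paths whose content hash is on a known-bad list (a simple IOC sweep)."""
    return sorted(p for p, meta in current.items() if meta["sha256"] in known_bad)


def save_baseline(baseline: dict, out_file: str) -> None:
    """Persist a baseline. Store it off-host and sign it in practice: an
    intruder with root can otherwise simply re-baseline after tampering."""
    with open(out_file, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def demo() -> dict:
    """Constructed scenario: baseline a directory, tamper with it, audit and sweep."""
    root = tempfile.mkdtemp(prefix="fim_demo_")
    (Path(root) / "sub").mkdir()
    (Path(root) / "a.txt").write_bytes(b"config v1")
    (Path(root) / "sub" / "b.bin").write_bytes(b"\x00\x01\x02")
    before = build_baseline(root)

    # Simulated tampering: alter one file, delete another, drop a new binary.
    (Path(root) / "a.txt").write_bytes(b"config v1 + backdoor")
    (Path(root) / "sub" / "b.bin").unlink()
    (Path(root) / "dropper.exe").write_bytes(b"MZ-constructed-sample")
    after = build_baseline(root)

    # Constructed indicator list containing the dropped sample's hash.
    known_bad = {hashlib.sha256(b"MZ-constructed-sample").hexdigest()}
    return {"audit": audit(before, after), "sweep": sweep(after, known_bad)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the module prints the audit result for the constructed scenario (one added, one removed, one modified file) and the sweep hit on the dropped sample. In a real deployment the baseline would be taken from a known-good image, stored and signed off the monitored host, and the audit scheduled so that a change on an ATM or server is noticed in hours rather than months.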

Middle East security professionals seem disadvantaged compared to their global peers. However, such digital investigative tools, by virtue of their unconventionality, can not only bring them up to speed but catapult them ahead, ready for the next "swine flu"!


Dennis Oommen has been based out of Dubai, UAE for the past 10 years and is the Regional General Manager for Guidance Software.
