Rob Cheng has an intriguing piece on IDG Connect’s blog sharing insights into the evolving global malware writing industry, and how it prompted the US Department of Homeland Security (DHS) to take the drastic step of advising users to disable Java. You can read it here. What it highlights is that effective IT Security requires ‘Defence in Depth’, more than ever. Here are MailGuard’s thoughts on the matter.
The internet has democratised business and spawned a new breed of business models that were previously not possible. One negative example affecting IT security is that it has enabled malware writers to operate businesses selling "zero day exploit" kits with impunity.
Attacking a company with malware is now very easy because programming skills are no longer required. If an attacker can fork out for a kit (typically costing in the region of $3000), they will more than likely be able to attack an organisation with code that won’t be detected by the target's anti-virus (AV).
This is very bad news for companies, governments and organisations with sensitive and valuable information because espionage is a lucrative business.
It’s also a very big challenge for AV companies because even for a single vulnerability there can be thousands of exploits, each potentially requiring new signatures to be written. Staying ahead of the game to crush new malware and viruses can prove difficult.
The severity of the issue is highlighted by DHS advising organisations to stop using Java. After all, they have no ulterior motive to give out this kind of warning. It also illustrates how vulnerable you can be if you only engage a single vendor. Relying on one vendor means protection of your core infrastructure is determined by how timely security patches are released.
Malware detection and prevention will no doubt embrace fresh methodologies such as detection of anomalous network traffic after base-lining legitimate traffic and increasingly sophisticated heuristic analysis. But the reality of the situation right now is that simply running desktop and perimeter AV is not enough.
Using ‘Defence in Depth’ is more important than ever.
What is ‘Defence in Depth’ and how does it work?
Defence in Depth is based on a military strategy in that defences are there to delay rather than prevent the advance of an attacker. The more layers of defence you have, the attack will lose momentum and you’ll have more time to respond appropriately.
In an IT context, a Defence in Depth strategy is designed to increase the cost and effort of an attack against an organisation. Having multiple layers of defence not only improves capacity to detect attacks, it also allows more time to respond to attacks such that a successful attack will not fully compromise a business.
In order to mitigate the risks of data breaches and malware attacks, businesses should be aware of the need to create strategic and multi-layered security architectures.
How MailGuard can help you practice Defence in Depth
For businesses that are sensibly keen to practice Defence in Depth, they can add additional security layers using MailGuard’s cloud security solutions. Both MailGuard (which stops email borne threats) and WebGuard (which stops web borne threats) are vital components in a Defence in Depth strategy because they use AV scanning using multiple engines as well as policy based blocking or quarantining.
Collaboration between AV vendors is also a fundamental part of Defence in Depth and MailGuard plays an important role in the AV community. Due to the large volume of email we filter in the cloud, MailGuard is in a unique position to constantly trend suspicious emails, block them as spam, and submit them to AV vendors in an extremely timely manner. Often we’ll see the new malware and AV definitions by the vendor some hours later.
How to implement Defence in Depth for your business
If you’d like to discuss Defence in Depth with a cloud security expert today, email expert@mailguard.com.au.
(Image by soldiersmediacenter (The US Army) using a CC by 2.0 license)
