We have seen disruptions affect every industry during the last millennia. From chemical photography to digital photography, from horse drawn carriages to supersonic flight, from shovels to hydraulic excavators, from the telegraph to the telephone and of course from manual computation to modern computers and smart phones which brings rise to the likes of Uber, Facebook, Twitter, etc. for even more disruptions.
So, why is it that we tend to scoff when a cyber security disruption is brought to our attention?
Effective Cyber Protection
Is good really good enough when your productivity, profitability and corporate reputation is at stake? What defines effective? At one point if we could detect a signature and prevent future occurrences it was considered effective. Then the introduction of behavior-based technologies like sandboxes allowed for the detonation of malware in secure, quarantined areas so that production environments would not be affected.
Even new approaches, such as Content Disarm and Remediation (CDR), provide variations on existing well known (and spoof-able) approaches. So, by definition, the only truly effective cyber protection solution is one that can prevent zero-day malware without the need for long delays or costly resources.
Evolving to Disruption
Content, whether through datafiles or data streams, is one of the most common and pervasive methods by which malware infiltrates an enterprise. Current security approaches cannot ensure that incoming network-based content is free of malware because they fail to identify, let alone prevent, zero-day malware and unknown threats hidden in content. Moreover, such approaches are resource intensive, slow and evadable – all of which affect an enterprise’s bottom line and profitability.
What is needed today is evasion-proof, instantaneous, end-to-end security for any kind of network based non-executable content for a variety of persistently used attack vectors such as email, web, and cloud file sharing applications. Put more simply, we have been evolving various security techniques but are now at a crossroad where only disruption will deliver the impact necessary to truly prevent versus having to remediate cyber threats.
Modern Cyber Protection
To be truly modern, your cyber prevention solution should deliver instantaneous end-to-end security for any kind of network based non-executable content for a variety of persistently used attack vectors such as email, web, and cloud file sharing applications, challenging the norms that rely on slow, costly and mostly outdated, ineffective methods of sandboxing, signatures and behavioral inspection.
Really – it’s quite simple: executable code in any type of non-executable content such as datafiles and datastreams is malware, and therefore should not be permitted to enter any organization. At the bottom of it all, the solution should know whether content is either infected (quarantined) or it is not (clean). There should be no behavioral analysis or guesswork, so you can prevent cyber threats instead of remediating the damage.
Organizations should consider a solution that applies to protection against malware in active content and file-less malware as well. Active content such as macros should be de-obfuscated no matter the level of nesting or encryption and evaluated to determine its true purpose. Malicious scripts, links and URLs that may be hidden, self-extracting or even on remote servers should be instantaneously analyzed and determined to be clean or not.
At the end of the day, companies need to look for a solution that strengthens their cyber defenses dramatically by preventing attacks before they enter and harm their organization, their customers and their brand. Remediation is costly, prevention is not.
About the author: Boris Vaynberg co-founded Solebit LABS Ltd. in 2014 and serves as its Chief Executive Officer. Mr. Vaynberg has more than a decade of experience in leading large-scale cyber- and network security projects in the civilian and military intelligence sectors.