March 9th, 2017 by admin

How can ‘honeypots’ and artificial intelligence help to protect your network and data? Read on to learn how companies are leveraging cutting-edge approaches, in addition to firewalls and other traditional security measures, to increase IT security and protect against cyber security breaches, and how you can benefit too.

Intelligently Protecting Against Viruses & Malware

While it may seem like a fail-safe option, traditional virus protection, which compares files against a database of potentially nefarious signatures and marks files as bad if there is a match, is flawed. With millions of viruses, ransomware, and malware, relying on a database of signature files for comparison does not guarantee safety. Just one signature variation enables the malicious file to get past. And hackers, who change signatures at rapid rates (some estimate around a million a day), are counting on it. In addition, employees may not always receive the latest version of virus protection while on vacation or traveling out of the country, which renders their software out of date and leaves them exposed upon return.

Former Global Vice President of McAfee, Stuart McClure, recognized the need for a new approach to more effectively predict, prevent and proactively protect against threats, and started Cylance. With Cylance technology deployed on over four million endpoints and protecting hundreds of enterprise clients worldwide, the technology offers a new, more innovative and effective strategy to identify threats. Cylance doesn’t recommend replacing traditional anti-virus software but, instead, augmenting it with artificial intelligence (AI) and a math-based approach.

Using AI, Cylance looks at common characteristics of millions of good and bad files. The company’s Protect software examines every file that tries to run on an endpoint, such as a PC, Mac, server, or even a point of sale system, to determine how the file should work versus how it is trying to work. A Word document shouldn't contain executable code, regardless of whether it's running directly or being loaded from the Web, for instance. The technology decides what the endpoint executes and what it does not. Any inappropriate behavior is flagged, and the file is blocked in real time before it can cause harm.
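The contrast described above, as an added example that is not from the original article and is not Cylance's model: an exact-hash signature lookup misses a file that differs by one byte, while a check on a characteristic of the file (a Word container holding a PE image) still fires. The sample bytes are constructed and inert, and the structural check is an assumed stand-in for a learned model.

```python
import hashlib
import struct

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Word (.doc) container magic

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_sample(padding: bytes) -> bytes:
    """Constructed, inert bytes: OLE2 magic, padding, then a bare MZ/PE header stub."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: offset of the PE signature
    return OLE_MAGIC + padding + bytes(dos) + b"PE\x00\x00"

def signature_match(data: bytes, known_bad: set) -> bool:
    """Traditional approach: exact match against a database of known-bad hashes."""
    return sha256(data) in known_bad

def embedded_pe_offsets(data: bytes) -> list:
    """Offsets of every MZ header whose e_lfanew field points at a PE signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def document_carries_executable(data: bytes) -> bool:
    """Characteristic check: a Word container should not hold a PE image."""
    return data.startswith(OLE_MAGIC) and bool(embedded_pe_offsets(data))

def compare(padding_a: bytes, padding_b: bytes) -> dict:
    """The signature database knows only sample A; sample B differs in its padding."""
    a, b = build_sample(padding_a), build_sample(padding_b)
    known_bad = {sha256(a)}
    return {
        "sig_a": signature_match(a, known_bad),
        "sig_b": signature_match(b, known_bad),
        "struct_a": document_carries_executable(a),
        "struct_b": document_carries_executable(b),
    }

if __name__ == "__main__":
    print(compare(b"\x00" * 16, b"\x00" * 15 + b"\x01"))
```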

You might remember the government breach in the Office of Personnel Management background-check investigation database late last year. The exposure jeopardized the social security numbers, employment and financial history, and for some even fingerprint data, of 20 million individuals. Cylance found the initial breach: a DLL file disguised as a McAfee antivirus executable. Cylance determined this file was not legitimate for OPM, as the organization did not use McAfee’s AV software.

Unlike other technologies, Cylance does not require a large database of signatures to compare against, and there is nothing to go out of date, so to speak. It requires only about 30 megabytes of space and is designed to not impact performance, with less than 1% of CPU usage at endpoints and no Internet connection required. Though the company issues updates, they are typically only incremental: the mathematical model's performance is already robust and only slight tweaks are required periodically, which means employees are still protected when they go away.

Deceiving Thieves In Their Tracks

Cyber attacks can come from foreign countries, competitors trying to glean proprietary info, thieves looking to steal social security numbers and identities, and more. As much attention as organizations put on installing a secure firewall, safeguarding endpoints, encrypting data and ensuring stringent passwords, determined perpetrators can often find a way to get through. When they do, the organization needs to find and stop them quickly. Hackers trust that when they try to infiltrate a network, the resources they are looking at are legitimate, but deception-based security changes that, using the tactics hackers use for infiltration against them. Gartner predicts that by 2018, 10% of enterprises will use this offensive approach to security in setting traps to actively deceive attackers.

TrapX’s DeceptionGrid is a platform designed to do three things: detect and divert threats that bypass other systems; deceive by disabling and neutralizing advanced attacks and isolating them; and defeat thieves with true actionable intelligence. The technology works by setting up what it calls honeypots, or fake systems, to lure thieves with what looks like valuable data. When the criminals “touch” the honeypot(s), TrapX knows something is up, because no one in the organization should be able to tell they exist or access them. The system alerts the company and locks down thieves, without their knowledge, preventing them from going to other areas of the network while enabling them to keep ‘working’. This makes it possible for the system to drill down and identify the attacker: where they are from, when they first entered, from which IP address they originated, etc.

TrapX alerts are over 99% accurate and immediately actionable. Generally a good fit for Global 2000 commercial and government customers, as well as smaller customers, in defense, healthcare, finance, energy, consumer products and other industries, the technology is also relatively affordable.
Consider the following examples of how it has helped to catch thieves:
- For a financial industry brokerage connected to a major stock exchange, TrapX determined confidential financial data was being exfiltrated to multiple sites in Germany and the Ukraine.
- At a healthcare institution where no outward indications of attacks were shown, TrapX exposed persistent attacks on a portable C-arm X-ray system that would connect to different VLANs in the institution. The hospital now regularly has software re-provisioned on the device to prevent threats of attack.
- Using TrapX, a major manufacturer of steel products identified several types of malware deployed on its SCADA processors, which are central to manufacturing. The company was able to prevent an attack that could severely disrupt ongoing manufacturing and possibly result in a shut-down and millions of dollars in potential loss.
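
The honeypot alerting logic described above, as an added example that is not from the original article and is not TrapX code: because no legitimate user should ever reach a decoy, every connection to one is an alert, and grouping by source answers "which IP address" and "when they first entered". The decoy addresses, log format and log lines are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed decoy addresses: nothing in production is ever configured to use them.
DECOYS = {"10.20.0.50", "10.20.0.51"}

# Constructed connection log (timestamp, source, destination, destination port).
SAMPLE_LOG = """\
2017-03-01T09:14:02Z src=10.20.3.17 dst=10.20.0.10 dport=443
2017-03-01T09:15:40Z src=10.20.7.88 dst=10.20.0.50 dport=445
2017-03-01T09:15:41Z src=10.20.7.88 dst=10.20.0.51 dport=3389
2017-03-01T09:16:05Z src=10.20.3.17 dst=10.20.0.11 dport=22
malformed line without fields
2017-03-01T09:20:13Z src=10.20.7.88 dst=10.20.0.50 dport=445
2017-03-01T09:31:00Z src=10.20.9.4 dst=10.20.0.51 dport=22
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")

def decoy_touches(log_text: str, decoys: set = DECOYS) -> dict:
    """Return one alert record per source address that contacted any decoy."""
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of aborting the scan
        ts_raw, src, dst, dport = m.groups()
        if dst not in decoys:
            continue  # traffic to real systems is out of scope for this detector
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        rec = alerts.setdefault(src, {"first_seen": ts, "last_seen": ts,
                                      "decoys": set(), "ports": set(), "count": 0})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["decoys"].add(dst)
        rec["ports"].add(int(dport))
        rec["count"] += 1
    return alerts

if __name__ == "__main__":
    for src, rec in sorted(decoy_touches(SAMPLE_LOG).items()):
        print(src, rec["first_seen"].isoformat(), rec["count"],
              sorted(rec["decoys"]), sorted(rec["ports"]))
```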