Two Innovative Approaches to Security You Can't Afford to Miss

Most organizations today realize the importance of instituting multiple layers of security--from a strong firewall, secure passwords and antivirus, to regular program updates, safeguarded and encrypted devices, consistent backups and monitoring. Yet, even with measures in place, companies can still be vulnerable to a cyber attack. Over 3.8 million records are compromised every day and over 160,000 every hour according to Breach Level Index from Gemalto,[1] and Herjavec Group estimates ransomware damages and costs at $1 billion annually.[2] And, even if your organization does fall victim, you may not know it right away. Four out of five victims of a breach don’t realize they have been attacked for a week or longer,[3] enabling thieves to gain greater access to information and potentially do even more damage than if they were caught sooner. On top of this, organizations can often gain a false sense of security in having traditional measures in place and not realizing they may still be susceptible. Thieves are using more innovative methods and are increasingly more determined to get in.

Intelligently Protecting Against Viruses & Malware

While it may seem like a fail-safe option, traditional virus protection—which compares files against a database of potentially nefarious signatures and marks files as bad if there is a match—is flawed. With millions of viruses, ransomware, and malware, relying on a database of signature files for comparison does not guarantee safety. Just one signature variation enables the malicious file to get past. And hackers, changing signatures at rapid rates—some estimating at around a million a day[4]--are counting on it. Add to that that employees may not always receive the latest version of virus protection while going on vacation or traveling out of the country, rendering their software out of date and leaving them exposed upon return. Former Global Vice President of McAfee, Stuart McClure, recognized the need for a new approach to more effectively predict, prevent and proactively protect against threats, in starting Cylance. With Cylance technology deployed on over four million endpoints and protecting hundreds of enterprise clients worldwide, the technology offers a new, more innovative and effective strategy to identify threats. Cylance doesn’t recommend replacing traditional anti-virus software but, instead, augmenting it with artificial intelligence (AI) and a math-based approach. Using AI, Cylance looks at common characteristics of millions of good and bad files. The company’s Protect software examines every file that tries to run on an endpoint—such as a PC, Mac, server, even point of sale system—to determine how the file should, versus is trying to, work. A Word document shouldn't contain executable code regardless of whether it's running directly or being loaded from the Web, for instance. The technology decides what the endpoint executes and what it does not. Any inappropriate behavior is flagged, and the file is blocked in real time before it can cause harm. You might remember the government breach in the Office of Personnel Management background-check investigation database late last year. The exposure jeopardized social security numbers, employment and financial history, and even fingerprint data for some, from 20 million individuals whose data was exposed. Cylance found the initial breach—a DLL file disguised as a McAfee antivirus executable. Cylance determined this file was not legitimate for OPM, as the organization did not use McAfee’s AV software. Unlike with other technologies, Cylance does not require a large database of signatures to compare against, and there is nothing to go out of date, so to speak. It requires only about 30 megabytes of space and is designed to not impact performance, with less than 1% of CPU usage at endpoints and no Internet connection required. Though the company issues updates, they are typically only incremental, with mathematical model performance already robust and only slight tweaks required periodically, which means employees are still protected when they go away.

Deceiving Thieves In Their Tracks  

Cyber attacks can come from foreign countries, competitors trying to glean proprietary info, thieves looking to steal social security numbers and identities and more. As much attention as organizations put on installing a secure firewall, safeguarding end points, encrypting data and ensuring stringent passwords, determined perpetrators can often find a way to get through.  When they do, the organization need to find and stop them quickly. Hackers trust that when they try to infiltrate a network, the resources they are looking at are legitimate, but deception-based security changes that, using tactics hackers use for infiltration against them. Gartner predicts that by 2018, 10% of Enterprises will use this offensive approach to security in setting traps to actively deceive attackers. TrapX’s DeceptionGrid is platform designed to do three things: detect and divert threats that bypass other systems; deceive by disabling and neutralizing advanced attacks and isolating them, and defeat thieves with true actionable intelligence. The technology works by setting up what it calls honeypots or fake systems to lure thieves with what looks like valuable data. When the criminals “touch” the honeypot(s) TrapX knows something is up, because no one in the organization should be able to tell they exist or access them. The system alerts the company and locks down thieves, without their knowledge, preventing them from going to other areas of the network while enabling them to keep ‘working’. This makes it possible for the system to drill down and identify the attacker--where they are from, when they first entered, from which IP address they originated, etc. TrapX alerts are over 99% accurate and immediately actionable. Generally a good fit for global 2000 commercial and government, as well as smaller customers, in defense, healthcare, finance, energy, consumer products and other industries, the technology is also relatively affordable. Consider the following examples of how it has helped to catch thieves:

• For a financial industry brokerage connected to a major stock exchange, TrapX determined confidential financial data was being infiltrated to multiple sites in Germany and the Ukraine.
• At a healthcare institution where no outward indications of attacks were shown, TrapX exposed persistent attacks on a portable c-arm x-ray system that would connect to different VLANS in the institution. The hospital now regularly has software re-provisioned on the device to prevent threats of attack.
• A major manufacturer of steel products identified several types of malware deployed on its SCADA processors, central to manufacturing, with TrapX. The company was able to prevent an attack that could severely disrupt ongoing manufacturing and possibly result in a shut-down and millions of dollars in potential loss.

With the potential for huge financial gains in stealing your business, employee and customer information, thieves are becoming increasingly more determined. The costs of a breach to organizations is $11.6 million on average according to Ponemon Institute’s 2016 Cost of Cyber Crime Study & the Risk of Business Innovation, not to mention the expense of a damaged reputation. In addition to traditional measures, organizations today need to consider new ways to secure networks and data. Deception based security and AI offer new opportunities to fight back. At ProTelesis, in addition to being a leading ShoreTel vendor (ranked #3 worldwide in 2016 alone) for best-in-class unified communications, we can also help you to augmenting your complete security and IT infrastructure services needs. Want to know how machine learning and mathematics are rewriting the rules of protection? Download How Artificial Intelligence Will Secure the 21st Century to see how you can benefit!   [1] Breach Level Index