Holistic approach to security needed: McAfee
By Gabey Goh November 14, 2013
- Security challenges now require open, collaborative approaches to detect threats, reduce risk and ensure compliance
- Holistic approach to network visibility and transparency from product perspective required to counter advanced threats
CYBER threats are constantly testing organisational defences and evolving their attacks to find new ways to evade detection. So, unless organisations are maintaining a more dynamic and automated network response to emerging threats, the general state of readiness is less than optimal.
That was the view expressed by Scott Thomas, senior director of Network Threat Response at McAfee, in an email interview with Digital News Asia (DNA).
The idea now is to develop a more meaningful security posture through technology, but wrapping it in business processes that are robust, collaborative and responsive enough to react to continually evolving threats, he noted.
“We are seeing more than 80,000 new pieces of malware daily, each written with new and innovative ways to avoid detection; so as a company we are aware of the significant challenges facing businesses in identifying and implementing a robust cyber defensive posture.
“A simple fact is that security is a growing component of the national economy and as such continuous monitoring and active risk management need to become staples of every organisation,” he added.
Thomas said that, based on previous trends across the Americas and Europe, the Middle East and Africa (EMEA), Asia Pacific will continue to have overall higher spending on cyber security, at a rate approximately 10% above the worldwide average.
“This number includes expenses for employment, retention and the execution of an organisation’s security strategy. We are seeing a decline year over year in spending based solely on Asia Pacific numbers, which does indicate an uptick in the level of network protection but does continue to show the region's dedication to enhancing its security posture,” he added.
Thomas said that while Asia Pacific security investments in previous years tended to be higher than those seen in the Americas and EMEA, Asia Pacific organisations have enhanced their capabilities and maturity in cyber defence, which has allowed them to consolidate and hone their skills and ultimately decrease the need for continued year-over-year cost increases.
The public outing of clandestine surveillance activity by the US Government earlier this year, according to Thomas, has highlighted the need for transparency in these types of activities.
When asked whether McAfee has been subjected to tighter vetting processes by government procurement departments since, Thomas said no.
“We have always had stringent requirements with the export and integration of technologies within governmental organisations. This has actually helped us with recent events due to our due diligence and working to ensure that we are a trusted security vendor in meeting these requirements and abiding by these organisational standards, while still keeping our customer information private,” he said.
With instances of, and attention on, Advanced Persistent Threats (APTs) rising, Thomas was asked about some of the real dangers that public agencies and organisations may not be aware of. One example that comes to mind, he said, is the handling of malware that could be part of a persistent attack: once you quarantine or remediate the infected hosts, you lose visibility into the process activity and volatile memory information they contained.
“A covert monitoring response may be appropriate as important sources of forensic information and represent a key best practice advance from the standard ‘dead box’ forensics of the past. Killing processes and disconnecting a host will also signal the attackers that you have detected their activities, which can let them cover their tracks or activate an alternate attack sequence.
“To understand the attack, you will want to dig into the malware’s available and demonstrated behaviour, reconstruct the attack sequence, and find related events that could help you see the full scope of the attack,” he added.
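The reconstruction step described above, as an added example that is not code from McAfee or from the interview: given process-start and network events recorded from a host that was left running under observation, walk the process lineage from the flagged process (its ancestors show how it got there, its descendants show what it spawned) and collect the related events into a single timeline. The telemetry, field names and addresses are constructed for this example and are not any vendor's schema.

```python
"""Reconstruct an attack sequence from endpoint telemetry (constructed example)."""
from collections import defaultdict

# Constructed telemetry: (timestamp, kind, fields). The field names are this
# example's own assumption, not a real product's event format.
EVENTS = [
    (100, "proc", {"pid": 10, "ppid": 1,  "image": "explorer.exe"}),
    (120, "proc", {"pid": 20, "ppid": 10, "image": "winword.exe"}),
    (125, "proc", {"pid": 30, "ppid": 20, "image": "cmd.exe"}),
    (126, "proc", {"pid": 40, "ppid": 30, "image": "powershell.exe"}),
    (130, "net",  {"pid": 40, "dst": "203.0.113.5:443"}),
    (140, "proc", {"pid": 50, "ppid": 40, "image": "svchost_update.exe"}),
    (141, "net",  {"pid": 50, "dst": "203.0.113.5:8443"}),
    (150, "proc", {"pid": 60, "ppid": 10, "image": "notepad.exe"}),  # unrelated
    (160, "net",  {"pid": 60, "dst": "198.51.100.9:80"}),            # unrelated
]


def build_lineage(events):
    """Return (parent_of, children_of) maps built from process-start events."""
    parent_of, children_of = {}, defaultdict(list)
    for _, kind, f in events:
        if kind == "proc":
            parent_of[f["pid"]] = f["ppid"]
            children_of[f["ppid"]].append(f["pid"])
    return parent_of, children_of


def related_pids(seed_pid, parent_of, children_of):
    """Ancestors of the seed process plus every descendant of it."""
    related = set()
    pid = seed_pid
    while pid in parent_of:           # walk up towards the root
        related.add(pid)
        pid = parent_of[pid]
    stack = [seed_pid]
    while stack:                      # walk down through all children
        pid = stack.pop()
        related.add(pid)
        stack.extend(children_of.get(pid, []))
    return related


def reconstruct(events, seed_pid):
    """Return the set of in-scope pids and the time-ordered related events."""
    parent_of, children_of = build_lineage(events)
    scope = related_pids(seed_pid, parent_of, children_of)
    timeline = [(ts, kind, f) for ts, kind, f in events if f["pid"] in scope]
    timeline.sort(key=lambda e: e[0])
    return scope, timeline


def external_contacts(timeline):
    """Destinations contacted by any process in the reconstructed chain."""
    return sorted({f["dst"] for _, kind, f in timeline if kind == "net"})


if __name__ == "__main__":
    # The alert flagged pid 40; the output shows the chain that led to it,
    # what it spawned afterwards, and which addresses that chain contacted.
    scope, timeline = reconstruct(EVENTS, seed_pid=40)
    for ts, kind, f in timeline:
        print(ts, kind, f)
    print("contacts:", external_contacts(timeline))
```

Keeping the host running is what makes the later events (pid 50 and its connection) available at all; the unrelated notepad.exe activity on the same host stays out of scope because it shares no lineage with the flagged process.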
For organisations and agencies deploying Advanced Threat Defence (ATD) measures to stay one step ahead of cyber attacks, Thomas cautioned that individual vendor solutions may effectively address one specific aspect of a threat, but without an intelligent solution that is aware of its surroundings and able to interact collaboratively to defend the network, the result is more opportunities for attackers to penetrate that network.
“An increase in security products does not necessarily equate to a more hardened network posture. A more holistic approach to network visibility and transparency from the product perspective is required to counter advanced threats and the most reasonable approach is to apply proven technologies as a coordinated system -- signature, reputation, lightweight and deep static analysis, and dynamic sandboxing -- in a unified, layered, and extensible architecture,” he added.
Thomas said that security challenges now require open, collaborative approaches to detect threats, reduce risk and ensure compliance.
“The fact that security products are being deployed from multiple vendors that do not intelligently communicate to create a collaborative network defence posture not only increases operational costs, it may even increase risk,” he added.
In an effort to alleviate these issues, Thomas outlined some measures organisations should undertake:
- Create interoperable and vendor agnostic solutions that encompass best of breed technologies to address the cyber threat.
- Leverage partnerships between vendors, such as the McAfee Security Innovation Alliance (SIA) to accelerate the development of interoperable security products that assist in simplifying the integration of these products with complex customer environments.
- Deliver solutions to maximise the value of existing customer investments, reduce time to problem resolution, and lower operational costs.
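The coordinated, layered pipeline Thomas describes (signature, reputation, static analysis, dynamic sandboxing as one system rather than as isolated products) and the interoperability point in the list above, as an added example that is not McAfee code: cheap stages run first, a stage only escalates to the next when it cannot decide, and the expensive sandbox verdict is written back into the shared reputation store so a second sighting of the same file is settled without re-analysis. The signature, string list, sample files and the stand-in "sandbox" rule are all constructed for this example.

```python
"""Coordinated layered verdict pipeline (constructed example)."""
import hashlib

# Constructed intelligence stores; nothing here is a real signature or feed.
SIGNATURES = {"constructed_sig": b"EVIL_MARKER"}   # byte-pattern signatures
REPUTATION = {}                                    # sha256 hex -> "good" | "bad"
SUSPICIOUS_STRINGS = (b"CreateRemoteThread", b"VirtualAllocEx", b"powershell -enc")


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def stage_signature(data):
    """Cheapest check: exact byte pattern match."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return "bad", f"signature:{name}"
    return None, None


def stage_reputation(digest):
    """Shared store that every stage can read and the sandbox writes to."""
    verdict = REPUTATION.get(digest)
    return (verdict, "reputation") if verdict else (None, None)


def stage_static(data):
    """Lightweight static analysis: escalate on two or more suspicious strings."""
    hits = [s.decode() for s in SUSPICIOUS_STRINGS if s in data]
    if len(hits) >= 2:
        return "escalate", "static:" + ",".join(hits)
    return None, None


def stage_sandbox(data):
    """Stand-in for dynamic analysis; a constructed rule, not a real sandbox."""
    return ("bad" if b"CreateRemoteThread" in data else "good"), "sandbox"


def analyse(data, trail):
    """Run the stages in cost order and record which stage decided."""
    digest = sha256(data)
    verdict, reason = stage_signature(data)
    if verdict is None:
        verdict, reason = stage_reputation(digest)
    if verdict is None:
        verdict, reason = stage_static(data)
        if verdict == "escalate":
            verdict, sandbox_reason = stage_sandbox(data)
            reason = f"{reason}->{sandbox_reason}"
            REPUTATION[digest] = verdict     # share the expensive result
        elif verdict is None:
            verdict, reason = "good", "no-findings"
    trail.append((digest[:12], verdict, reason))
    return verdict, reason


if __name__ == "__main__":
    trail = []
    sample = b"MZ CreateRemoteThread VirtualAllocEx"          # constructed file
    analyse(b"MZ EVIL_MARKER", trail)    # stopped by the signature stage
    analyse(sample, trail)               # static escalates, sandbox decides
    analyse(sample, trail)               # second sighting: reputation short-circuits
    analyse(b"MZ hello world", trail)    # nothing found at any stage
    for entry in trail:
        print(entry)
```

The trail is the point of the design: each verdict records which stage decided it, so the operator can see how often the sandbox is actually needed and which findings the cheaper stages are already handling.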
When asked what key trends he foresees dominating security discussions in the next year or two, Thomas outlined the following:
- A focus on organisational demands for technology modernisation in resource-constrained environments to include cloud and shared services;
- Accountability and transparency regarding customer data; focusing on enhancing critical infrastructure defences that enable networks to be more self-aware and responsive to threats; and
- Creating scalable and open solutions that provide network and endpoint visibility and controls to combat targeted attacks, as well as the ability to quickly and definitely enable remediation.