Every IT manager should realize by now that there are just as many black hats as there are white hats in the security business. Whether the bad guys are looking for fame and notoriety, want to make a political statement, are trying to make money or are just bored and looking for some excitement, they’re out there. And they have more time and energy to devote to the quest of finding ways around enterprise security than an organization does to defend against them.
The result has been an arms race between attack and defense tactics. As IT managers worked hard to ensure 100 percent anti-malware coverage on desktops and servers, the smartest attackers were looking for techniques completely outside those detected by traditional security tools. If there are 10 tools in the security toolbox, then hackers are hard at work developing an eleventh attack to get around them all.
As Princess Leia in the original Star Wars said, “The more you tighten your grip, Tarkin, the more star systems will slip through your fingers.” Except today the hackers are the rebels, and everyone else is the empire. The more strident the security measures, the more cybercriminals will seek a way around them. Not a good position to be in (especially if the IT team finds itself on the bridge of the Death Star).
Ultimately, the increase in hacking attempts, particularly by organized groups, means that complacency is not an option. IT managers must consider alternative approaches to defending their networks and must turn their focus to tools, products and techniques that approach security in different ways.
The Artful Dodge
Detecting malware is far from the best approach to avoiding security compromises. Instead, IT managers should think about ways to avoid malware altogether. If it’s not on the network, then it doesn’t have to be detected and neutralized.
Often, the shift in attack techniques requires re-evaluating traditional security products in a new light. Intrusion prevention systems (IPSs) have been seen as tools to detect active server attacks, but they’re equally valuable as a means of protecting end-user systems if properly configured and managed. IT managers should evaluate their IPS investment to see if it is providing effective protection to users.
Similarly, URL filters have often been deployed to prevent misuse, but they can also be easily configured to help block users from connecting to suspicious sites.
In some cases, a bigger shift may be necessary to put up a strong front against new attack techniques. Traditional firewalls have been seen as ineffective when so much Internet traffic passes barely examined through ports 80 and 443. But next-generation firewalls, with their application awareness and focus on deep packet inspection, can be a valuable part of a well-rounded security program, providing visibility into user activities and enabling control over outbound traffic.
The same is true of tools such as traditional anti-malware, which need to be re-evaluated for effectiveness. IT managers should be looking at alternative options for malware detection, such as sandboxing and reputation-based tools, which are moving into mainstream use. They can also practice malware avoidance by using techniques such as application whitelisting.