The recent spate of cyber attacks has drawn increased attention in the security industry and among government agencies to the threats they face. During the Asia Pacific Defense Forum in 2013, it was brought to light that countries in the Asia Pacific region are being drawn into an 'information war' against computer hackers from various geographic locations.
Several websites in Southeast Asia have been attacked in recent months, resulting in temporary to long-term disruptions, damage to business reputation and loss of productivity. There appears to be a rise in the malware economy, where exploits and custom malware are being designed here in the Asia Pacific region and traded globally. These attacks can appear in the form of malware, advanced persistent threats, zero-days, targeted attacks, viruses, Trojans, Distributed Denial of Service attacks, worms, phishing... the list continues. However, no matter how you parse it, it all comes down to threats. More specifically, two fundamental types of threats: known and unknown.
Known threats are the ones security tools are designed to detect and protect against. Still, successful attacks by known threats happen, leaving room for improved protection. Static defences have historically been known to quickly lose touch with the environment they are meant to protect, reducing their effectiveness. Most lack real-time network visibility to be aware of changes to the IT environment and adjust defences accordingly, the ability to detect polymorphic files that change just enough to fool signature engines, and the ability to share intelligence with other security tools.
Unknown threats pose an even greater challenge for defenders. These sophisticated threats stealthily evade detection, moving through an environment to reach the target and establishing a beachhead for subsequent attacks. Traditional, point-in-time detection tools, like sandboxing that analyses files in a tightly controlled environment, can mitigate some risk but don't - and can't - continue to track files to retrospectively detect, understand and stop threats that initially appear to be safe but later exhibit malicious behaviour.
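As an added illustration of the point-in-time versus continuous distinction (this is not code from the article or from any vendor product), the Python sketch below records every file seen on the network by its SHA-256 and, when a verdict later changes, names the hosts that already received it, which a one-shot sandbox verdict cannot do. The sample bytes, host names and timestamps are constructed; note that keying by exact hash means a polymorphic variant would start a fresh trajectory, the limitation the previous paragraph describes.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """Exact-content key for the trajectory ledger."""
    return hashlib.sha256(data).hexdigest()


class FileTrajectory:
    """Continuous record of where each file was seen and its current verdict."""

    def __init__(self) -> None:
        # digest -> list of (timestamp, host) observations, in arrival order
        self.seen: Dict[str, List[Tuple[int, str]]] = defaultdict(list)
        # digest -> latest verdict: "clean", "malicious" or "unknown"
        self.verdict: Dict[str, str] = {}

    def observe(self, data: bytes, host: str, ts: int, verdict: str) -> str:
        """Record a sighting; the first verdict seen is kept until reclassified."""
        digest = sha256_hex(data)
        self.seen[digest].append((ts, host))
        self.verdict.setdefault(digest, verdict)
        return digest

    def reclassify(self, digest: str, verdict: str) -> List[Tuple[int, str]]:
        """Update the verdict. If the file turns malicious, return every earlier
        sighting so those hosts can be investigated retrospectively."""
        previous = self.verdict.get(digest, "unknown")
        self.verdict[digest] = verdict
        if verdict == "malicious" and previous != "malicious":
            return sorted(self.seen.get(digest, []))
        return []


def demo() -> List[Tuple[int, str]]:
    """Constructed scenario: a file that passed the sandbox at first contact."""
    sample = b"MZ...constructed-sample-bytes..."  # hypothetical file content
    ledger = FileTrajectory()
    digest = ledger.observe(sample, "host-a", 100, "clean")  # sandbox saw nothing
    ledger.observe(sample, "host-b", 250, "clean")
    ledger.observe(sample, "host-c", 300, "clean")
    # Later behavioural analysis or new intelligence convicts the same file:
    # the ledger now names all three hosts that already received it.
    return ledger.reclassify(digest, "malicious")
```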
IT security professionals within government agencies are faced with the challenge of protecting their networks against both types of threats. Nations worldwide are scrambling to defend themselves not with weapons of warfare but with computers, software and technology experts.
However, the challenge of protecting government agencies from cyber attacks isn't an insurmountable task. Three advanced technologies can make intrusion prevention systems (IPS) smarter and malware protection more efficient: contextual awareness, big data analytics and collective security intelligence - all working together to combat threats.
Contextual Awareness - Today's extended networks include endpoints, mobile devices, virtual environments and data centres. Attackers often know more about these networks than the network owners and use that knowledge to their advantage. For security tools to be effective, they need complete contextual awareness of the dynamic environment they protect.