Indeed, networks have become exposed to an increasing number of potential threats. These threats can pass through defences today and become maliciously repurposed tomorrow. As such, point-in-time detection and blocking is no longer enough. Instead, companies should leverage the analysis of threat intelligence as an aid to their existing defence and detection solutions. Technologies need to address the full attack continuum - before, during and after an attack - using a continuous capability.
There is a crucial need to identify security approaches that use cloud analytics to evaluate suspicious or unknown files against the latest threat intelligence for an extended period of time, and share that intelligence across the community of users. The capability to perform deeper analytics to correlate events, find systems that demonstrate symptoms of active compromise, and automate analysis and risk prioritisation can serve to mitigate damage and speed remediation.
Apart from ensuring that there are strong prevention systems and initiatives in place, companies also need to focus on developing better and faster detection methods through a blend of people, processes and technology. Organisations need technologies that continuously monitor files originally deemed safe or unknown, and enable them to apply retrospective security - the ability to quickly identify, scope, track, investigate and remediate if these files are later determined to be malicious.
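The retrospective security capability described in the two paragraphs above can be sketched in code: keep an append-only ledger of every file sighting (host, path, hash, time, verdict at the time), and when threat intelligence later changes a hash's verdict to malicious, re-query the ledger to scope which hosts were exposed, how long the file has dwelt there, and which hosts to remediate first. The example below is added here for illustration and is not Sourcefire's code or product logic; the file hashes, host names, paths, timestamps, intel feed and the criticality scoring formula are all constructed assumptions.

```python
"""Retrospective detection over a file-trajectory ledger (added, constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib


@dataclass(frozen=True)
class Sighting:
    """One observation of a file on a host, with the verdict held at that moment."""
    host: str
    path: str
    sha256: str
    seen_at: datetime
    verdict: str          # "clean" or "unknown" when the file was first allowed through


@dataclass(frozen=True)
class RetroAlert:
    """A past sighting that fresh intelligence has reclassified as malicious."""
    host: str
    path: str
    sha256: str
    first_seen: datetime
    dwell: timedelta      # time between first exposure and the intel update


class TrajectoryLedger:
    """Append-only record of file sightings, indexed by hash for retrospective lookups."""

    def __init__(self) -> None:
        self._by_hash: dict[str, list[Sighting]] = {}

    def record(self, s: Sighting) -> None:
        self._by_hash.setdefault(s.sha256, []).append(s)

    def retrospective_alerts(self, intel: dict[str, str], intel_time: datetime) -> list[RetroAlert]:
        """Re-evaluate every past sighting against the current intel verdicts.

        intel maps sha256 -> current verdict. Each (host, path, hash) whose hash is
        now "malicious" yields one alert carrying its earliest sighting, so dwell
        time is measured from the first exposure rather than the latest re-scan.
        """
        alerts: dict[tuple[str, str, str], RetroAlert] = {}
        for sha, verdict in intel.items():
            if verdict != "malicious":
                continue
            for s in self._by_hash.get(sha, []):
                key = (s.host, s.path, sha)
                current = alerts.get(key)
                if current is None or s.seen_at < current.first_seen:
                    alerts[key] = RetroAlert(s.host, s.path, sha, s.seen_at, intel_time - s.seen_at)
        return sorted(alerts.values(), key=lambda a: (a.first_seen, a.host))


def prioritise_hosts(alerts: list[RetroAlert], criticality: dict[str, int]) -> list[tuple[str, int]]:
    """Rank hosts for remediation (assumed formula, not a product's):
    criticality * 10 * distinct malicious hashes + whole days of longest dwell."""
    hashes: dict[str, set[str]] = {}
    max_dwell: dict[str, int] = {}
    for a in alerts:
        hashes.setdefault(a.host, set()).add(a.sha256)
        max_dwell[a.host] = max(max_dwell.get(a.host, 0), a.dwell.days)
    scored = [(h, criticality.get(h, 1) * 10 * len(hashes[h]) + max_dwell[h]) for h in hashes]
    return sorted(scored, key=lambda hs: (-hs[1], hs[0]))


def _h(label: str) -> str:
    """Hash of a constructed byte string; stands in for a real file hash."""
    return hashlib.sha256(label.encode()).hexdigest()


def build_sample_ledger() -> TrajectoryLedger:
    """Constructed sightings: two files allowed through as unknown/clean, one benign file."""
    ledger = TrajectoryLedger()
    for row in [
        ("ws-hr-07", "C:/Users/a/Downloads/invoice.exe", _h("sample A"), "2024-03-01 09:00", "unknown"),
        ("srv-finance-01", "D:/share/invoice.exe", _h("sample A"), "2024-03-02 14:30", "unknown"),
        ("ws-hr-07", "C:/Users/a/Downloads/invoice.exe", _h("sample A"), "2024-03-03 08:00", "clean"),
        ("srv-finance-01", "D:/share/tool.dll", _h("sample B"), "2024-03-04 10:00", "clean"),
        ("ws-eng-12", "/home/b/notes.txt", _h("sample C"), "2024-03-05 11:00", "clean"),
    ]:
        host, path, sha, ts, verdict = row
        ledger.record(Sighting(host, path, sha, datetime.strptime(ts, "%Y-%m-%d %H:%M"), verdict))
    return ledger


# Constructed intel update: A and B are now known bad, C remains clean.
SAMPLE_INTEL = {_h("sample A"): "malicious", _h("sample B"): "malicious", _h("sample C"): "clean"}
SAMPLE_INTEL_TIME = datetime(2024, 3, 10, 12, 0)
SAMPLE_CRITICALITY = {"srv-finance-01": 3, "ws-hr-07": 1}


if __name__ == "__main__":
    alerts = build_sample_ledger().retrospective_alerts(SAMPLE_INTEL, SAMPLE_INTEL_TIME)
    for a in alerts:
        print(f"{a.host:15} {a.path:35} first seen {a.first_seen:%Y-%m-%d %H:%M} dwell {a.dwell}")
    print("remediation order:", prioritise_hosts(alerts, SAMPLE_CRITICALITY))
```

The ledger is what makes the "after" phase possible: without a record of where a then-unknown file landed and when, a later verdict change gives you an indicator but no scope. The scoring is deliberately simple; in practice the criticality map would come from an asset inventory and dwell time would be one of several weighted factors.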
However, thwarting attacks can't just be about products, but also process and personnel. In the event of an attack, organisations need documented Incident Response processes and policies, and a designated team that can leverage data from security tools to make educated decisions and take quick action.
Ammar Hindi is Managing Director for Asia Pacific, Sourcefire.