Cyber crisis continues unabated – is ATP the answer?
Statistics on cybercrime certainly makes for some pretty grim reading.
The security landscape is growing exponentially every day, and this growth is true both in terms of the number of threats as well as the complexity of these risks.
A report from Risk Based Security found more than 4.2 billion records were exposed during data breaches in 2016, nearly 4x the previous record of 1.1 billion.
According to IBM, cybercriminals are estimated to have made an incredible $1 billion from ransomware in 2016. Half of the executives that coughed up money handed over more than US$10,000 each, while 20 percent paid more than $40,000.
While it's clear organisations around the world face security and productivity challenges every day, Juniper Networks says it's the zero-day malware that often goes undetected because traditional security devices, which rely on signature-based detection, can't see it.
"In many cases these days, advanced adversaries are leveraging zero day attacks that they create, or even buy on the open market, to attack not only infrastructure, but specifically target users or companies and exploit the trust models which give them access to the information they desire," says Juniper Networks security solutions architect Andy Leung.
"Examples have been found where malware can intelligently evade solutions by turning off anti-virus solutions, by detecting whether they are in virtualised sandbox environments and if so not even activating themselves, or by even emulating legitimate user behavior to disguise and distract from nefarious activities. In many cases, traditional security mechanisms are no longer sufficient to prevent exfiltration of sensitive data.
According to Juniper, these traditional security devices that are deployed inline have a very limited amount of time in which to decide whether an object is malicious or not – longer than just a few milliseconds and there will be negative impacts on modern real time applications resulting in a poor user experience.
And then of course there is the problem of security teams being overwhelmed by copious amounts of alerts, with the result being they can often fail to recognise and act when an incident is actually critical.
Leung says with the security landscape accelerating faster than the skilled resource pool, the maintenance and growth of security teams is becoming prohibitive for most organisations.
So what's the solution? Juniper says it lies in equipping security teams with its Advanced Threat Prevention (ATP) Applicance to p
rovide comprehensive on-premise protection.
The Juniper ATP Appliance uses advanced machine learning and behavioural analysis technologies to identify existing and unknown threats in near real time. This is conducted through continuous, multistage detection and analysis of web, email, and lateral spread traffic moving through the network.
The ATP Appliance ingests threat data from multiple security devices, applies analytics to identify advanced malicious traits, and aggregates the events into a single comprehensive timeline view of all the threats on the network. Organisational security teams can quickly see how the attack unfolded and easily prioritise and action critical alerts.
Malicious IP addresses are pushed to firewalls to block the communication between command-and-control servers and infected endpoints. Infected hosts are isolated through integration with network access control devices providing near real time incident response capabilities to organisations.
In the ongoing battle against cybercrime, it's clear that businesses are going to have to take measures to stack the odds more in their favour.