Story image

Cyber crisis continues unabated – is ATP the answer?

15 Nov 2018

Statistics on cybercrime certainly makes for some pretty grim reading.

The security landscape is growing exponentially every day, and this growth is true both in terms of the number of threats as well as the complexity of these risks.

A report from Risk Based Security found more than 4.2 billion records were exposed during data breaches in 2016, nearly 4x the previous record of 1.1 billion.

According to IBM, cybercriminals are estimated to have made an incredible $1 billion from ransomware in 2016. Half of the executives that coughed up money handed over more than US$10,000 each, while 20 percent paid more than $40,000.

While it’s clear organisations around the world face security and productivity challenges every day, Juniper Networks says it’s the zero-day malware that often goes undetected because traditional security devices, which rely on signature-based detection, can’t see it.

“In many cases these days, advanced adversaries are leveraging zero day attacks that they create, or even buy on the open market, to attack not only infrastructure, but specifically target users or companies and exploit the trust models which give them access to the information they desire,” says Juniper Networks security solutions architect Andy Leung.

“Examples have been found where malware can intelligently evade solutions by turning off anti-virus solutions, by detecting whether they are in virtualised sandbox environments and if so not even activating themselves, or by even emulating legitimate user behavior to disguise and distract from nefarious activities. In many cases, traditional security mechanisms are no longer sufficient to prevent exfiltration of sensitive data.”

According to Juniper, these traditional security devices that are deployed inline have a very limited amount of time in which to decide whether an object is malicious or not – longer than just a few milliseconds and there will be negative impacts on modern real time applications resulting in a poor user experience.

And then of course there is the problem of security teams being overwhelmed by copious amounts of alerts, with the result being they can often fail to recognise and act when an incident is actually critical.

Leung says with the security landscape accelerating faster than the skilled resource pool, the maintenance and growth of security teams is becoming prohibitive for most organisations.

So what’s the solution? Juniper says it lies in equipping security teams with its Advanced Threat Prevention (ATP) Applicance to provide comprehensive on-premise protection.

The Juniper ATP Appliance uses advanced machine learning and behavioural analysis technologies to identify existing and unknown threats in near real time. This is conducted through continuous, multistage detection and analysis of web, email, and lateral spread traffic moving through the network.

The ATP Appliance ingests threat data from multiple security devices, applies analytics to identify advanced malicious traits, and aggregates the events into a single comprehensive timeline view of all the threats on the network. Organisational security teams can quickly see how the attack unfolded and easily prioritise and action critical alerts.

Malicious IP addresses are pushed to firewalls to block the communication between command-and-control servers and infected endpoints. Infected hosts are isolated through integration with network access control devices providing near real time incident response capabilities to organisations.

In the ongoing battle against cybercrime, it’s clear that businesses are going to have to take measures to stack the odds more in their favour.

To find out more about Juniper ATP visit Juniper’s security webpage, The Shield.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.