Cyber crisis continues unabated – is ATP the answer?

15 Nov 18
Sponsored

Statistics on cybercrime certainly make for some pretty grim reading.

The security landscape is growing exponentially every day, and this growth is true both in terms of the number of threats as well as the complexity of these risks.

A report from Risk Based Security found more than 4.2 billion records were exposed during data breaches in 2016, nearly 4x the previous record of 1.1 billion.

According to IBM, cybercriminals are estimated to have made an incredible $1 billion from ransomware in 2016. Half of the executives that coughed up money handed over more than US$10,000 each, while 20 percent paid more than $40,000.

While it’s clear organisations around the world face security and productivity challenges every day, Juniper Networks says it’s the zero-day malware that often goes undetected because traditional security devices, which rely on signature-based detection, can’t see it.

“In many cases these days, advanced adversaries are leveraging zero day attacks that they create, or even buy on the open market, to attack not only infrastructure, but specifically target users or companies and exploit the trust models which give them access to the information they desire,” says Juniper Networks security solutions architect Andy Leung.

“Examples have been found where malware can intelligently evade solutions by turning off anti-virus solutions, by detecting whether they are in virtualised sandbox environments and if so not even activating themselves, or by even emulating legitimate user behavior to disguise and distract from nefarious activities. In many cases, traditional security mechanisms are no longer sufficient to prevent exfiltration of sensitive data.”

According to Juniper, these traditional security devices that are deployed inline have a very limited amount of time in which to decide whether an object is malicious or not – if the decision takes longer than a few milliseconds, modern real-time applications suffer, resulting in a poor user experience.

And then of course there is the problem of security teams being overwhelmed by copious amounts of alerts, with the result being they can often fail to recognise and act when an incident is actually critical.

Leung says with the security landscape accelerating faster than the skilled resource pool, the maintenance and growth of security teams is becoming prohibitive for most organisations.

So what’s the solution? Juniper says it lies in equipping security teams with its Advanced Threat Prevention (ATP) Appliance to provide comprehensive on-premise protection.

The Juniper ATP Appliance uses advanced machine learning and behavioural analysis technologies to identify existing and unknown threats in near real time. This is conducted through continuous, multistage detection and analysis of web, email, and lateral spread traffic moving through the network.

The ATP Appliance ingests threat data from multiple security devices, applies analytics to identify advanced malicious traits, and aggregates the events into a single comprehensive timeline view of all the threats on the network. Organisational security teams can quickly see how the attack unfolded and easily prioritise and action critical alerts.

Malicious IP addresses are pushed to firewalls to block the communication between command-and-control servers and infected endpoints. Infected hosts are isolated through integration with network access control devices providing near real time incident response capabilities to organisations.

In the ongoing battle against cybercrime, it’s clear that businesses are going to have to take measures to stack the odds more in their favour.

To find out more about Juniper ATP visit Juniper’s security webpage, The Shield.
