6 IT Security Innovations to Keep You Ahead of Attackers

Security threats abound in the enterprise. Today's IT security professionals must worry about malware, spyware, hackers, DDoS attacks, hijacked USB drives, spies, cyberwar and other vulnerabilities too numerous to mention.

Fortunately, technological innovations are emerging to help block these types of attacks. Companies such as Seclore, for example, offer services designed not just to protect documents delivered outside an organization but also to control how long someone has access to them. With new kill-chain tactics, meanwhile, a start-up such as CrowdStrike says it can not only determine the nature of a new attack but also develop a profile of the attacker.

These innovations, along with four others described below, might be the answer to a common dilemma: relying too long on the standard security techniques that a large company installed long ago.

Seclore: Controlling When, How Information Can Be Accessed

Security inside an organization is one thing. Protecting documents and files in the perimeter that's outside the firewall is a greater challenge. Enter information rights management, also known as enterprise rights management; this typically uses encryption, rights policies, full auditing and other security tools to protect sensitive information. IRM tools such as Seclore protect "who, what and when" policies for documents. One critical Seclore feature: IT can also control how long a document is in the hands of someone outside the company. Daimler, Panasonic and Fugro use the service.


TaaSERA: Analyzing Communication Patterns of Malware

It takes more than a clever product name to block malware attacks. TaaSERA does have a clever name (it means Trust as a Service), but the inner workings of the detection engine should appeal to CSOs everywhere. The analyzer is what you might call "zero minute" detection; it looks for trace signs of a new malware agent, such as the tell-tale signs of infection. The service goes beyond the signature-based security tools that block known viruses, though, using a "correlated sequence of inbound exploits, binary downloads, command and control communication and outbound scans" to diagnose malware attacks.


CrowdStrike: Introducing Kill-Chain Tactics

In any war, it's important to know your enemy. While CrowdStrike remains in private beta and will debut this fall, the cloud provider uses a novel approach. The idea is to go on the offensive: The firm's technology analyzes the attacker and develops a model based on what an attacker is trying to do and the tools it is using. This tactic, known as a kill-chain, helps a company strategize about and defend against a known attacker. It can also turn the tables on an attacker by first pinpointing its identity and intent and then "creating doubt and confusion" that ties up resources and denies it access to the information it wants.


Trusteer Apex: Behavioral Whitelisting

In addition to the kill-chain tactic, in which you learn about the attacker and the exploits he uses, another emerging tactic has to do with checking for application vulnerabilities. Many companies spend most of their efforts on signature-based protection and zero-day patches. Trusteer Apex takes a novel approach because it analyzes what an application is doing, and why it's doing it, to determine if it's exposed to threats and block those gaps. If there is an attack, Apex also blocks the malware from communicating back to the Internet.


Veracode: Vendor Application Security Testing

Last year, analyst firm Quocirca found that 65 percent of the applications at large companies are from third-party vendors. While enforcing security policies for internal apps is more of a known quantity, compliance with vendors is not as controllable. Veracode VAST is a tool for verification and validation of security compliance for third-party vendors. The reporting tools do not access code directly, but they do analyze behaviors that could pose a potential threat. From there, the tool verifies whether a vendor's app meets an enterprise's security policies.


Seculert: Big Data Analytics of All Security Activity

Getting the big picture on a massive data store is next to impossible. Big data analytics company Seculert uses the Hadoop programming framework and Amazon Web Services to analyze data stores for threats. This makes for quick, inexpensive deployment. Data is ingested in massive quantities and analyzed by botnets in the cloud, using techniques such as honeypots and crawlers. If an infection occurs at one organization, Seculert can alert companies that might also be in danger.


John Brandon is a former IT manager at a Fortune 100 company who now writes about technology. He has written more than 2,500 articles in the past 10 years. You can follow him on Twitter @jmbrandonbb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.
