Making intrusion prevention and malware protection work together to combat modern attacks

There’s a lot of talk in the security industry and among organisations about the threats we face – malware, advanced persistent threats, zero-days, targeted attacks, viruses, Trojans, Distributed Denial of Service attacks, worms, phishing...the list goes on and on. But no matter how you parse it, it all comes down to threats. More specifically, two fundamental types of threats: known and unknown.

Known threats are the threats security tools are designed to detect and protect against. Still, successful attacks by known threats happen and there’s room for improved protection.

Historically, static defences quickly lose touch with the environment they are meant to protect, and their effectiveness drops accordingly. Most lack three things: the real-time network visibility needed to notice changes in the IT environment and adjust defences to match; the ability to detect polymorphic files that change just enough to fool signature engines; and the ability to share intelligence with other security tools.

Unknown threats pose an even greater challenge for defenders. These sophisticated threats stealthily evade detection, moving through an environment to reach the target and establishing a beachhead for subsequent attacks. Traditional point-in-time detection tools, such as sandboxing that analyses files in a tightly controlled environment, can mitigate some risk but do not – and cannot – keep tracking files afterwards, so they cannot retrospectively detect, understand and stop threats that initially appear safe but later exhibit malicious behaviour.

As an IT security professional, it’s your job to protect against both types of threats. While it is a challenge, it isn’t insurmountable. Three advanced technologies can make intrusion prevention systems (IPS) smarter and malware protection more efficient: contextual awareness, big data analytics and collective security intelligence – all working together.

Contextual Awareness: Today’s extended networks include endpoints, mobile devices, virtual environments and data centres. Attackers often know more about these networks than the network owners do, and use that knowledge to their advantage. For security tools to be effective they need complete contextual awareness of the dynamic environment they protect. Consider technologies that offer continuous and total visibility into all devices, applications and users on a network, as well as an up-to-the-minute network map, including profiles of client applications, operating systems, mobile devices and network infrastructure – physical and virtual. Smarter security solutions combine data about your specific environment with automation to help you make more informed and timely security decisions. Visibility into file activity is equally important: knowing a file’s heritage, behaviour and network trajectory provides additional context, or indicators of compromise, which help to determine malicious intent and impact and accelerate remediation.

Big Data Analytics: Security has become a big data problem. Technologies that tap into the power of the cloud and sophisticated analytics of large data sets are needed to deliver the insight organisations need to identify more advanced, highly targeted threats. The virtually unlimited, cost-effective storage and processing power of the cloud lets you store and monitor information about unknown and suspicious files across your entire IT environment and beyond. Security tools that use a telemetry model to continuously gather data across the extended network, and then apply big data analytics to it, help to detect and stop malicious behaviour even after a threat has passed through the initial lines of defence. This deeper level of analysis identifies threats based on what a file does, not what it looks like, enabling detection of new, unknown types of attack.
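The continuous tracking the unknown-threats paragraph contrasts with point-in-time sandboxing, and the file heritage, network trajectory and telemetry ideas from the Contextual Awareness and Big Data Analytics paragraphs, as an added Python sketch. This is illustrative code written for this page, not Sourcefire’s or Cisco’s; the hostnames, hash, timestamps and parent processes are constructed sample data. It records every sighting of a file as telemetry and, when a file that was originally allowed through is later reclassified as malicious, emits a retrospective alert listing every host that received it, in order, with the first host as patient zero.

```python
"""Retrospective file-verdict tracking over endpoint telemetry (illustrative)."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


@dataclass(frozen=True)
class Sighting:
    """One telemetry event: a file (by hash) observed on a host."""
    seen_at: datetime
    host: str
    sha256: str
    parent: str  # process or share that introduced the file (its heritage)


@dataclass
class RetrospectiveTracker:
    # sha256 -> list of sightings, the file's trajectory through the network
    sightings: dict = field(default_factory=lambda: defaultdict(list))
    # sha256 -> "clean" | "malicious" | "unknown" (the current verdict)
    verdicts: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def record(self, s: Sighting) -> str:
        """Store the sighting and return the verdict known at that moment."""
        self.sightings[s.sha256].append(s)
        return self.verdicts.get(s.sha256, "unknown")

    def trajectory(self, sha256: str) -> list:
        """All sightings of a file, oldest first."""
        return sorted(self.sightings.get(sha256, []), key=lambda s: s.seen_at)

    def update_verdict(self, sha256: str, verdict: str, source: str) -> list:
        """Apply a new verdict from a detection source. If a file that was not
        already known-malicious is now judged malicious, raise one retrospective
        alert carrying its full trajectory. Returns the alerts raised ([] or [alert])."""
        previous = self.verdicts.get(sha256, "unknown")
        self.verdicts[sha256] = verdict
        if verdict != "malicious" or previous == "malicious":
            return []
        trajectory = self.trajectory(sha256)
        if not trajectory:
            return []  # nobody received the file; nothing to remediate retrospectively
        alert = {
            "sha256": sha256,
            "previous": previous,
            "verdict": verdict,
            "source": source,
            "patient_zero": trajectory[0].host,
            # hosts in order of first sighting, without repeats
            "hosts": list(dict.fromkeys(s.host for s in trajectory)),
            "heritage": [(s.host, s.parent) for s in trajectory],
        }
        self.alerts.append(alert)
        return [alert]


def demo() -> dict:
    """Walk through the scenario from the article with constructed data."""
    tracker = RetrospectiveTracker()
    sha = "a" * 64  # constructed placeholder hash, not a real sample
    # A point-in-time sandbox run judges the file clean when it first arrives.
    tracker.update_verdict(sha, "clean", source="sandbox")
    events = [
        Sighting(datetime(2014, 3, 3, 9, 2), "ws-017", sha, "outlook.exe"),
        Sighting(datetime(2014, 3, 3, 9, 40), "fs-01", sha, "explorer.exe"),
        Sighting(datetime(2014, 3, 4, 14, 15), "ws-042", sha, "\\\\fs-01\\share"),
    ]
    verdicts_at_sighting = [tracker.record(e) for e in events]
    # Later, behavioural analysis (what the file does, not what it looks like)
    # reclassifies it; the tracker surfaces every host that ever saw it.
    alerts = tracker.update_verdict(sha, "malicious", source="behavioural-analysis")
    return {
        "verdict_at_entry": verdicts_at_sighting[0],
        "alert": alerts[0] if alerts else None,
    }


if __name__ == "__main__":
    result = demo()
    print(result["alert"])
```

The design point is that the verdict store and the sighting store are separate: a point-in-time verdict is only ever a snapshot, while the sightings are the record that makes a later reversal actionable. A second malicious verdict for the same hash does not re-alert, so downstream remediation is not flooded when several sources converge on the same conclusion.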

Collective Security Intelligence: To identify more obscure threats, there’s strength in numbers. Individual files shouldn’t be analysed in a vacuum; collective security intelligence, enabled by the cloud, is required. Look for security technologies that can draw on a widespread community of users to collect millions of file samples and separate benign file and network activity from malicious activity, based on the latest threat intelligence and correlated symptoms of compromise. Going a step further, this collective intelligence can be turned into collective immunity by sharing the latest intelligence and protections across the user base.

Attackers have learned how to find and anticipate gaps in protection and evade detection. Using real-time visibility, big data analysis and community intelligence to connect traditionally disparate technologies is what it will take to defend modern networks against modern attacks. To protect more effectively against known and unknown threats, IPS and malware protection must work together, continuously, to secure networks, endpoints, virtual machines and mobile devices.

Chris Wood is regional director, A/NZ at Sourcefire, now a part of Cisco.
