Defence key to living in modern threat environment - Symantec

"Cyber attackers are leapfrogging defences in ways companies don’t even have the insight to anticipate"

Symantec has released its annual threat report, now in its 20th year. We spoke with Piero DePaoli, Senior Director for Global Product Marketing for Information Security at Symantec, at the recent RSA Conference.

“There’s really three big areas on the cybersecurity side. The first one is cyber attackers are leapfrogging defences in ways companies don’t even have the insight to anticipate.”

While phishing attacks and their highly targeted siblings, spear-phishing attacks, involve targeted messages being sent to individuals, Symantec has coined the term “watering hole attack” to describe an evolving threat vector.

In a watering hole attack, attackers infiltrate places people go. For example, they might inject a vulnerability into a website they know their targets visit. This bypasses the measures put in place to block malicious email.

A variation of this is bad actors infiltrating software used in specific industries with malicious payloads. For example, if a mining company uses a specific application, a hacker could infect that software at the developer’s site so that the malicious payload enters the mining company through a seemingly legitimate channel.

In some cases, Symantec has seen determined attackers use spear phishing, watering hole and infected software at the same time to infiltrate a target.

DePaoli said the second main finding of the report is attackers are moving faster than the defences. This was highlighted by 2014 marking the largest number of identified zero day vulnerabilities. Symantec reported 24 new zero day threats, up from 23 the year before and 12 in 2012.

An example of the speed at which attackers are moving is the emergence of Heartbleed last April. Within four hours of Heartbleed becoming public, there were exploit kits available.

One of the issues, according to DePaoli, is that it took a combined total of 295 days to issue patches for the top five zero day vulnerabilities.

“This is where you start to look at defences. If you look at a vulnerability that is now known and patches aren’t available, organisations are ripe for being hit by these sorts of attacks”.

The marked acceleration in the detection and release of significant threats is a major issue for the security industry. With a new zero day vulnerability appearing almost every two weeks, it seems that no sooner is one vulnerability detected and remediated than another appears.

It seems the bad guys have an almost inexhaustible bag of unexploited threats that they can pull from. Many of the vulnerabilities affect older software. But DePaoli hopes modern applications are written with security at their core rather than bolted on as an afterthought.

“My hope is that modern software, especially cloud software and mobile software is being written knowing that we are living in a different world than we were when these software packages were developed”.

Given this threat environment, DePaoli suggests taking a more granular approach to security. Rather than relying on traditional perimeter security, he recommends limiting access to specific servers to those who need it, placing defences around specific data, and assuming attackers will bypass the perimeter.

“Most servers have a specific purpose. They don’t need to be ‘default allow’ and then try to block a bunch of stuff, even if it’s inside the network. Why not ‘default deny’ and then turn on the services that are needed?”.
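The difference between the two postures DePaoli describes can be shown by evaluating the same traffic under each. This is an added example, not code from the article or from Symantec; the server role, addresses, ports and rule lists are all constructed assumptions.

```python
"""Added illustration: default-allow blocklist vs default-deny allowlist
for one internal server. All hosts, ports and flows are constructed."""
from ipaddress import ip_address, ip_network

# Constructed policy for a hypothetical internal database server.
BLOCKLIST = [  # default allow: only these anticipated combinations are dropped
    (ip_network("0.0.0.0/0"), 23),    # telnet from anywhere
    (ip_network("0.0.0.0/0"), 445),   # SMB from anywhere
]
ALLOWLIST = [  # default deny: only these needed services are reachable
    (ip_network("10.0.5.0/24"), 5432),  # app tier -> PostgreSQL
    (ip_network("10.0.9.10/32"), 22),   # admin jump host -> SSH
]

def _matches(rules, src, port):
    """True if (src, port) is covered by any (network, port) rule."""
    return any(ip_address(src) in net and port == p for net, p in rules)

def default_allow(src, port):
    """Permit everything except what the blocklist anticipated."""
    return not _matches(BLOCKLIST, src, port)

def default_deny(src, port):
    """Permit only what the allowlist names; everything else is dropped."""
    return _matches(ALLOWLIST, src, port)

# Constructed connection attempts, all originating inside the network.
FLOWS = [
    ("10.0.5.17", 5432),   # app server using the database: needed
    ("10.0.9.10", 22),     # admin via jump host: needed
    ("10.0.7.44", 5432),   # workstation subnet reaching the database directly
    ("10.0.7.44", 3389),   # service nobody thought to block
    ("10.0.7.44", 445),    # anticipated port, dropped by both policies
]

def exposure(policy):
    """Return the flows a policy lets through."""
    return [flow for flow in FLOWS if policy(*flow)]

if __name__ == "__main__":
    for name, policy in (("default allow", default_allow),
                         ("default deny", default_deny)):
        print(f"{name}: {exposure(policy)}")
```

Under the blocklist, the two workstation flows nobody anticipated still reach the server; under the allowlist, only the two flows the server's purpose requires get through.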

One of the important developments is that security is becoming mainstream, according to DePaoli. “Security was an IT topic, maybe a geek topic for organisations five years ago. It’s becoming mainstream news and part of everyday life”.

Anthony Caruana attended RSA Conference as a guest of Symantec.
