Organizations still feel safe and trust old, traditional security, when they are really not even near being able to deal with modern threats. Firewall UTM is your savior? counting on Security information and event management (SIEM) to let you know?
Traditional layers of security we all have on our network, such as Firewall, Antivirus, Intrusion prevention and detection systems – more and more fail to secure and are simply no longer effective dealing with the modern malware threats which are built to easily penetrate through old security.
Organization Users, Apps and Networks, are constantly transformed to the Cloud, and are out of traditional security perimeters. Network borders are becoming irrelevant, old school solutions are simply not capable of providing security in this architecture, and will keep losing battles to today's threats. Someone once said it is like protecting your country only with a wall, not taking into account new threats such as air or sea attacks.
A few examples for scenarios where traditional security will very likely fail to protect:
INFECTIONS BY ENCRYPTED TRAFFIC
In the past few years, the majority of internet traffic became encrypted with SSL. Unencrypted web traffic is now less than half of internet traffic. Google, Facebook, YouTube, 365, Dropbox, Google Drive – all now run over SSL and this changes the way protection is to be made.
In order to scan encrypted traffic, you need to decrypt it. To decrypt it, you need resources… lots of it. Traditional Security is not built for decrypting 60% of passed through traffic, and with limited resources, they reduce loads by whitelisting destinations to save on resources. “Trusted” sites and CDNs will be the first to be bypassed.
INFECTIONS VISITING A "LEGITIMATE" SITE
Such infection is very common in the last few months. This method takes advantage of the fact that the site is supposedly clean and trusted, thus old school security does not scan this traffic, or fails to identify the specific module within the webpage page, which was hacked and contains the payload.
A firewall/UTM would obviously fail with access control, as outbound web traffic HTTP/HTTPS is permitted for users. DNS based solutions which are seen lately, will not be able to address this challenge either, as it relays on the site reputation and not its content.
INFECTIONS WHILE OUTSIDE CORP NETWORKS
This would be the biggest challenge for traditional security, as the user is outside the network, perhaps at home; perhaps letting his children use his work laptop.
Infecting in this case is easiest of all, as there is hardly any security system protecting the station. This is seen with Ransomware infections, which would explode on the local network when the user is back in office or connected via VPN.
DOWNLOADING A NEW/UNKNOWN/ZERO-DAY MALWARE
This method takes advantage of the fact that traditional security is using a database of file hashes when looking for malware; it does not scan the content. Such threats penetrate easily though FW and AV when the malware is unknown or just not “old” enough to be included in the latest update to all security appliances around the world.
If an organization is under a targeted attack (custom made), old security does not stand a chance to protect or event to detect.
In case of infection, how long does it take for IT to acknowledge they are compromised? Surveys claim nearly a year in average. Prevention is important, but it should be backed up with Detection and Response.
Visibility is key for identifying threats and threat patterns. Traditional solutions such as SIEM, are used for gathering logs but they are not really alerting IT about infections and their remediation, as they do create a lot of time consuming work for their complex management and non-focused, never-ending alerting. who’s monitoring the monitor?
In conclusion, Firewalls, AV, IDS, IPS and other old security layers are not enough to stop malware threats. Even monitoring these layers is no longer effective. A different way of thinking must be adopted.
Are you still relying exclusively on old school technologies to protect your organization?
To learn more about how we help fill these gaps and secure more efficiently, and to run a free security preview, click here.
למד עוד כיצד אנו מסייעים ללקוחותינו ברחבי העולם
לעשות צעד קדימה