There’s still a lot work to do in cyber security and Greg Sim, CEO at Glasswall Solutions, believes that big vendors have a tendency to oversell their services
Anyone would think zero-day attacks are unpreventable following a recent claim from one leading cyber-security vendor. FireEye this year claimed to have discovered ‘29 of the last 53 zero-day attacks’. Some 24 exploits remained undetected, yet this was still celebrated as a monumental achievement. Such a statement leaves little comfort for the businesses who found themselves victims, so is it time to just give up completely and let the cyber criminals take over?
Though businesses are finally waking up to the realisation that the big players in anti-virus technology can no longer fully protect us, many organisations seem to regard extortion via cyber-attack as an inevitable cost. There is no need for this defeatism given the level of protection now available from more innovative vendors using file-regeneration technology.
Zero-day exploits, lest we forget, are unrecognised attacks that come in a form not previously detected, more often than not hidden in email attachments until some unfortunate member of staff unwittingly clicks one open, triggering the download of ransomware or a massive theft of data. One version of the CryptoWall ransomware is reckoned to have generated $325 million in 2015.
Unfortunately, evidence is growing that conventional anti-virus defences are simply redundant as hackers become more sophisticated. Analysis by threat intelligence experts Virus Bulletin, for instance, shows that between 2015 and 2016, detection of previously unknown threats decreased from around 80 per cent to between 67-70 per cent.
“It only takes one attack to devastate an organisation.”
Greg Sim,Glasswall Solutions
But what really shoots the wheels off the anti-virus industry, is the survey’s revelation that some vendors achieved better testing results with their free products than they did with their premium.
Whatever the figures they say, it only takes one attack to devastate an organisation. Innovation and new approaches to security are available that will lock out all malware. The fact is that email attachments are now the main vector for attacks on businesses for the simple reason that there are billions in circulation every day.
Research from Webroot has found 97 per cent of malware is now unique to a specific endpoint. This renders signature-based security virtually useless because such heavily customised malware is extremely difficult to detect.
Instead, file regeneration technology keeps every form of malware at the door. It checks that common file-types used by criminals to hide their zero-day exploits conform to the manufacturer’s standard, conducting deep inspection of every email attachment.
Organisations can use this kind of technology to regain control, setting their own policies and levels of risk in relation to the requirements of departments or employees. It is a question of allowing the known in and being fully confident that the main source of zero-day threats has been completely blocked.
Greg Sim is the CEO at Glasswall Solutions