Cyber-targeted attacks such as APTs are the primary cause of concern for any organization that holds data which can be of interest to attackers. The motivations are diverse and the attackers are highly sophisticated and relentless in their approach. Traditional security tools are proving to be ineffective against such attacks as evidenced by the ubiquitous stories of successful breaches.  In this time, it is considered that the more security tools you have the better secure you are which is not necessarily true.

Advance persistent threats are intelligent attacks and no matter how many controls you have in place the attacker can always learn from their failures and will eventually come up with something to evade your defenses. The key  to  prevent any significant damage is to strengthen your preventive controls and to have the ability to detect the attack at the earliest and respond to it swiftly.

Here in this blog we have shortlisted 5 key technologies to help you fight against Zero Day Malware.

Sandboxes

A sandbox is a security mechanism to analyze the behaviour of any suspicious file types and web objects by allowing it to execute in an isolated environment with constrained resources. It allows one to execute any untested, un-trusted/outsourced code without causing any damage to the host machine and production environment

Deployment options

  • On-premise: Sandbox appliance is present on-premise. All the network security solutions such as firewalls, IDSes, IPSes, SWGs and SEGs feeds suspicious files into the sandbox and based on the analysis it assigns threat score for the same.
  • Cloud based: Sandbox appliance resides in Cloud. This deployment is very cost-effective as it reduces the cost of owning and managing appliance. Also the licensing options are flexible in this regard which further reduces the TCO.

Big-data based Behavioral Analysis for Network traffic 

Network behavior analysis is particularly good for detecting new malware and zero day exploits. It is the Big-data analysis approach to solve the current security challenges related to targeted cyber attacks. The solution collects data from inside the network through sensors and other security tools and build a baseline behavior model for normal day to day chores. NBA then passively monitors the network for any anomaly in the base line behavior and if detected locates the problem point and inform the administration for further action.

NBA systems are able to detect threats against which other security tools are ineffective – for example purpose-written malware, viruses and botnets not detected by antiviruses, social engineering and other threats associated with internal network users

Deception technologies 

Deception technology is the latest armament in the fight against Advance malware and Zero-day attacks. Deception technologies deploys a network of camouflaged malware traps that are intermingled with the organizations real IT assets. the attackers will never know as the traps are identical in every way to the real IT  systems.  Once the attackers when compromising your network steps on one of the deception traps, a red flags is raised immediately. The Traps also analyzes the attackers tactics, techniques by keeping them occupied, giving them false information and making them feel that they are hacking into real IT assets.

Network forensics tools 

They are basically Network packet capture tools, which records and analyzes the network events in order to discover the root-cause of security incidents and other problems.According to Simson Garfinkel, there are two approaches to build a monitoring Workstation

  • "Catch-it-as-you-can" approach: Immediately writes the packet to a disk file, Buffering in memory as necessary, and perform analysis in batches.
  • "Stop, look and listen" approach: Analyze the packets in memory, perform rudimentary data analysis and reduction, and write selected results to disk.

Application virtualization 

Application virtualization is a technology by which any application can be made available to the end user locally without installing the application on the local computer via remote display protocol. This has many benefit other than  security such as it provides central management (Patching, upgrading, migration etc), Application components are made available on demand, Reduce attack surface, mobility etc.

You need to be a member of CISO Platform to add comments!

Join CISO Platform