Cat and mouse game likely to continue for some time
Despite the improvements in technology, security solutions providers are not able to stay one step ahead of hackers or predict the attacks. Industry experts said the cat and mouse game will always continue.
“We can always look at pre-emptive measures but whatever the hacker thinks, the industry is not going to figure it out until the damage is done. You can never get 100 per cent security ... that is impossible,” said Kalle Bjorn, Director of Systems Engineering for Middle East at Fortinet.
The targeted attacks and advanced persistent attacks are the big things in the news lately. The motto is “prevention is better than cure and that applies to this industry also. Having different layers of protection can limit the damage,” he said.
Experts said the most secure network is the one not connected to the internet.
Sebastien Pavie, regional director for enterprise and cybersecurity at Gemalto META, said that security solution providers are more on the preventive side.
“The cat and mouse game will go on. The other side of the security story is that to limit the damage. Our job is to secure is data even if it is breached or attacked.
Even if the hackers on the data, all they are encrypted data and which is of no use to them. All they [hackers] want to do is market the data,” he said.
If you remove the preventive measures, he said the attacks may be 10 or 100 times worse.
“We very much believe in protective measures and protect company’s assets,” he said.
Malware behaviour
Bjorn said that it is a never ending story as long as money is involved. The traditional security-based products are based on signatures [known malware or known attack]. For the past several years, it is based on behavioural-based deduction. There are endpoint vendors that actually look at certain indicators of the behaviour of the malware rather than signatures. There are also Sandbox technologies for the past five years and there have been a lot of deployments.
He said that security researchers rely heavily on sandboxing technologies to analyse malware behaviour. By creating an environment that mimics or replicates the targeted desktops, researchers can evaluate how malware infects and compromises a target host. Numerous malware analysis services are based on the sandboxing technology.
“Using the sandboxing technology, we can create a new signature on the spot that allows us to detect new threats. Security is not just a single product; all of it is based on policies. The recent WannaCry attack was due to users not updating the patch for old Windows. The patch was available in March,” he said.