Advanced Threat Protection: Next-Gen Security against the New-Age Cybercriminals

Data breaches cause reputational harm and business interruptions, but most of all—they’re expensive. In 2015, Symantec witnessed the largest data breach ever publicly reported with 191 million records compromised in a single incident. The digitally enabled era has impacted individuals, businesses and governments alike making cyber crime a part of our daily lives. The recently launched Symantec's Internet Security Threat Report Vol. 21 (ISTR) reveals an explosion of a record-breaking 54 Zero-Day vulnerabilities, a 125 percent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks. Meanwhile, malware increased at a staggering rate with 430 million new malware variants discovered in 2015. The sheer volume of malware proves that professional cybercriminals are leveraging their vast resources in an attempt to overwhelm defenses and enter corporate networks. Traditional solutions are no longer enough with the kind of threats that are surfacing.

In today’s complex and rapidly changing threat environment, information security professionals are encountering increased number of security breaches than ever before. Cyber criminals are adopting corporate best practices and establishing professional businesses to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cyber criminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats while fueling the growth of online crime. Most businesses also have to deal with a number of trends that are fundamentally reshaping the IT landscape, including a dramatic shift to mobile platforms and the proliferation of IoT devices. One of the greatest advantages of a mobile-enabled workforce is the “always-on” approach which enables the employees to always stay connected. Unfortunately, this also expands risk as they are now traveling the world with access to corporate data anywhere, anytime. As the popularity of smartphones surges, IT departments have learnt to deal with the trend of “Bring Your Own Device”, “Bring Your Own Application” and “Bring Your Own Cloud” into the workplace. Datacenter Security monitoring for physical and virtual servers, on-premise and in-the-cloud are also on the IT department's agenda. Hence, the employers need to embrace the use of mobile devices and cloud storage tools, such as Dropbox and Google Drive, for both work and personal agendas or risk losing their talent. Even the software-defined data center introduces many new possibilities for businesses, however, the key lies in ability to provide security at the speed of light with the widespread use of virtualization.

In 2015, Indian organizations were the 6th most targeted in Asia, with targeted organizations on the receiving end of two attacks on an average. In such a scenario, many of the CISOs have one but top-of-the-mind issue: How do they deal with the flood of security challenges they’re now facing and where they can find the solutions that will keep their enterprises safe from new age security threats?

Uncover advanced threats – The first step is to gain visibility of the present state of dormant and active live threats within your network environment and across your IT asset estate. Advanced attacks can cut across multiple control points making it worse for customers. What's more, many threats go undetected for months or longer. The IT department will need to secure users devices accessing emails and also provide additional access to content and web apps. Considering threat protection solutions for the organization that can detect and analyze advanced attacks designed to bypass traditional security defenses is a viable option.

Prioritize what matters - Today’s security products are largely not integrated – security analysts need to examine many distinct consoles and manually “connect the dots” to get visibility into suspicious activity in their environment. Following this, once a security team does learn about an attack inside their organization, it can require days, weeks, or even months to completely remediate it. That’s why organizations should assess the situation and prioritize those that are the most critical and time-sensitive. The vulnerabilities that could lead an attacker to business critical assets and easily exploitable vulnerabilities must be prioritized.

Remediate with Speed – For incident response teams, the clean-up process often requires manually hunting through hundreds or thousands of systems to find all of the attack artifacts and remediate all attack components. Followed by individual policy updates to each individual security product - networks, endpoints and e-mail gateways - to ensure that the attack can’t gain access to the company again in the future. All these takes a lot of time and organization can’t always patch or remediate all IT vulnerabilities as soon as they’re discovered.

Organizations must identify and isolate vulnerabilities that will have the greatest impact, and deploy their limited resources in the most effective manner possible. For example, If an employee looses his/her phone or PDA that was issued by an organization, the IT department may consider revoking issued certificates or them to log into websites to change their password immediately. Furthermore, companies should opt for security products that can provide administrators with the visibility and “rich” intelligence needed to uncover and remediate advanced attacks.

Leverage existing investments – Organizations don’t want to install any more point products or any new agents that potentially cause disruption to their entire enterprise. Solutions like Symantec Advanced Threat Protection (ATP) leverages existing threat protection infrastructure, helping companies to achieve an effective data protection regime without the expense and implementation issues from vendors.

Indian enterprises need to plan for repeated targeted attacks since it is no longer a question of, ‘if’ or ‘when’ but ‘how’ often will you be attacked. Above were some of the steps businesses can consider to protect against security breaches. By adopting strategies that are flexible and scalable and taking advantage of new and upcoming security features, organizations will be better-equipped to deal with incoming — and even sometimes unforeseen — challenges to their security infrastructure.