Application Isolation and Control – A Modern Defense for New Threats

By Fraser Kyne, EMEA CTO, Bromium

The detection method for preventing malware is fundamentally flawed, yet it is still the de facto standard in cybersecurity. Day after day, organizations scramble to protect against a growing number of threats, but all it takes is one piece of malware to go undetected to wreak havoc on IT systems.

Ironically, this was predicted by Alan Turing more than 80 years ago. His work on the halting problem showed that no general algorithm can predict the outcome of every possible program without running into a logical paradox: given a description of an arbitrary program and an input, no algorithm can decide whether the program will finish running or execute forever.

The same logic applies to malware detection. A standard algorithm cannot be relied on to correctly identify every single threat that comes knocking because the volume of threats is large and varied, with previously unseen threats emerging every day.

A detection-based approach deployed by IT teams is akin to casting out a net, where the net will either be so large that it tangles itself, or it won’t be cast wide enough and will invariably allow some things to be missed. IT teams are trying to solve this problem by adding more layers to their detection solutions, but all this is doing is casting more nets plagued by the same problems.

Detection-based solutions can over-complicate security landscapes

Hackers are resourceful, utilizing new tactics – such as polymorphic malware and zero-day exploits – to bypass detection-based software and break into critical IT systems. For example, in the Locky ransomware campaign, hackers customized the malware to execute after the fake document was closed, making it much harder to spot and bypassing the majority of detection-based AV solutions.

Instead of focusing on detection, organizations that are serious about security are starting to rely on segmentation. By segmenting networks and applications, businesses are seeing that they can prevent malware from causing harm and keep data and networks safe.

Segmentation offers businesses protection, but it relies on PCs or applications only having access to limited areas on the network. Early iterations failed to achieve a great uptake because adding new PCs to this system can be incredibly expensive and time-consuming during deployment.

Segmenting IP and sensitive data could also still leave users at risk if they don’t isolate the applications that are being used to access this data. Without a solution to these problems, network segmentation has largely failed to get off the ground and detection has persisted as the leading cybersecurity approach.

By focusing on isolation, security is simplified and end users are protected

Everybody wants to be able to use technology to do more with less. In this instance, it means deploying more effective and reliable cybersecurity solutions. Detection, however, involves the complex process of “preventing, detecting, and responding”, where multiple layers of security are deployed to identify malware before it hits. These layers simply aren’t sufficient to protect against the volume and sophistication of the ransomware and targeted phishing attacks that are prevalent today. As you might expect, they also create a tremendous expense.

While there are a few choices available that provide isolation, solutions that do this using virtualization are effectively bullet-proof. While no one can promise 100% protection, virtualization that starts on the chip, stops Meltdown, dramatically limits Spectre and works online or offline, can protect what’s targeted the most: endpoints.

Real solutions with a virtual defense

Isolation through virtualization works by allowing applications to open and carry out each task in its own self-contained virtual environment. This means that every tab that is opened in a browser, every Office or PDF document attached to an email, and any untrusted executable that is run will be opened in an entirely isolated virtual environment that’s enforced by the hardware itself. The result is that any threat caused by an action in this environment won’t have access to anywhere else on the system and can be easily removed by simply destroying the virtual environment.

This gives users the freedom to download files and open documents safely, knowing that they are no longer the last line of defense – giving users the ability to click with confidence. In fact, end users can let the malware run, because it doesn’t do any damage, and it allows IT teams to get detailed threat analysis. Users can get back to work: recruiters and HR teams can open emailed CVs, marketers can carry out research even if they click on a phishing link, and R&D teams can share downloaded resources without the fear of being stung by malicious files or links.

For organizations using this new approach, there is less worry. Virtualization-based security is being adopted by the giants: HP and Microsoft now use virtualization-based security to protect users. This is just the tip of the iceberg and marks the beginning of a virtualization revolution in security, where users no longer fear opening links and attachments and organizations can let their teams focus on innovation without worrying about making a security mistake.

About the Author

Fraser Kyne is EMEA CTO at Bromium. Fraser’s role has encompassed a wide range of both engineering and customer-facing activity. Prior to joining Bromium, Fraser was a Technical Specialist and Business Development Manager at Citrix Systems. He has been a speaker at various industry events on topics such as virtualization, security, desktop transformation, and cloud computing.

Source: Cyber Defense Magazine
http://www.cyberdefensemagazine.com/application-isolation-and-control-a-modern-defense-for-new-threats/

Read more from Fraser:

10 Things You Need to Know About Ransomware

Some cyber security experts call ransomware attacks an epidemic.

In 2016, the FBI estimated that ransomware attacks resulted in over $1 billion in income for cybercriminals*. Experts attribute the ransomware epidemic to people’s carelessness in clicking on phishing emails and infected advertisements.

Here are 10 things organisations should know about ransomware:

  1. Ransomware was first reported in 1989
  2. Ransomware doesn’t discriminate when it comes to platforms and devices
  3. Ransomware can be distributed through various channels
  4. Ransomware often goes undetected
  5. Organisations should change their mindset from a reactive-based model to a prevention-oriented one
  6. Organisations should develop a prevention and response plan
  7. Organisations should identify a prevention and response team
  8. Organisations should perform a compromise assessment
  9. Organisations should complete a security tools assessment
  10. Organisations should respond and future-proof

Download the full infographic here – Infographic courtesy of Cylance Consulting

As threatening as ransomware sounds, damage can be avoided with increased user awareness coupled with the right security practices. Businesses need to be aware of the risks and take adequate precautions to minimize the impact in the event of an attack.

Want to see Cylance in action for yourself? Register here to join our workshop at The Metal Box Factory in London on the 25th May and see the capabilities first-hand.

*Source: CNN


Securing Your Network & Keeping You Compliant in 2017

Happy New Year

Wishing you a very Happy New Year and a warm welcome back to the office after the Christmas break.

We’ve been working hard to continue to make sure that we offer you the best IT networking & security solutions the industry has to offer. This short update gives you links to valuable resources you may find useful at the start of this year to help you keep your networks secure, fast & compliant. So please take a look and sign up for (and share!) the webinars & events coming up over the next few weeks. Some of the topics include cloud security, AI and machine learning, endpoint security, threat prevention and the GDPR.


Security in the Cloud – Are you ready to join the revolution?
Webinar – 25th January

We are delighted to announce our partnership with Cato Networks. Cato Networks is rethinking network security from the ground up and bringing it into the Cloud. Cato connects your branch locations, mobile users, physical and Cloud infrastructure into a secure and optimised global network in the Cloud. Intrigued? Join our webinar on the 25th January to find out more.

Register here for the Cato Networks webinar.


GDPR – What you need to do NOW to make sure you are compliant in 2018
Webinar – 22nd February

One of our best attended webinars at the end of last year was around GDPR, so here’s another chance for you to get up to speed. Your customers are more and more aware of their entitlements around data protection; they want privacy rights and strong protections. But are you confident in how to process your customer information in the light of GDPR? Join our webinar for invaluable hints and tips on how to get GDPR compliant NOW.

Register here to attend our GDPR webinar.


Threat Prevention & Advanced Endpoint Protection
Workshop – 8th March

We continue our strong partnership with Palo Alto Networks in 2017 and are pleased to announce our first Ultimate Test Drive workshops for 2017 will be taking place on Wednesday 8th March at Palo Alto Networks, 140 Leadenhall Street, London, EC3V 4Q.

We will be running 2 free sessions on this day; you are welcome to register for one or both sessions.

Session 1: 09:30 – 13:30
Threat Prevention, Ultimate Test Drive

Session 2: 14:00 – 16:00
Advanced Endpoint Protection, Ultimate Test Drive

Register here to attend one or both Ultimate Test Drive sessions.


Know the Truth
Workshop – 23rd March

Another partnership we are keen to announce is with Cylance. Cylance protects your endpoints against advanced malware with the world’s first antivirus built on artificial intelligence and machine learning. Its AI and machine learning-based tools prevent threat execution before the damage is done. It doesn’t simply protect against known threats; it identifies and defuses never-before-seen attacks. Join our ‘Know the Truth’ workshop on Thursday 23rd March 2017 in central London to find out more.

Register here to join our Cylance endpoint protection workshop.

That’s it for now. If you would like further information on any of the above – and you just can’t WAIT until the dates listed – please get in touch. We’ll be on the case.

Happy January,
Network Utilities Team

Palo Alto Networks Traps – Endpoint Protection

Traps prevents security breaches!


Traditional antivirus (AV) is not the solution to endpoint security – it is the problem. AV is no longer effective at stopping today’s cyberthreats, and to prevent security breaches in your organization you must protect yourself not only from known and unknown cyberthreats but also from the failures of any traditional AV solutions deployed in your environment.

Traps replaces traditional antivirus with a proprietary combination of purpose-built malware and exploit prevention methods that protect users and endpoints from both known and unknown threats. With Traps, you prevent security breaches, in contrast to detecting and responding to incidents after critical assets have already been compromised.

The updated release of Traps eliminates the need for traditional AV by enabling you to:

  • Prevent cyber breaches by pre-emptively blocking known and unknown malware, exploits and zero-day threats.
  • Protect and enable your users to conduct their daily activities and use web-based technologies without concern for known or unknown cyberthreats.
  • Automate breach prevention by virtue of the autonomous reprogramming of Traps using threat intelligence gained from Palo Alto Networks WildFire threat intelligence service.

To learn more about Traps and its new updated capabilities download the latest resources from Palo Alto Networks:

  • Solution Brief: Traditional endpoint protection solutions use methods that cannot keep up with the rapidly evolving threat landscape. There’s a new way to approach endpoint security. Prevent breaches – without AV. Advanced Endpoint Protection – Technology Overview
  • Whitepaper: It’s time to replace your traditional antivirus with next-generation endpoint security. But how? Protect Yourself from Antivirus.
  • Datasheet: See how Palo Alto Networks Traps advanced endpoint protection prevents sophisticated vulnerability exploits and unknown malware-driven attacks. Traps Datasheet
  • Dummies Guide: Today’s sophisticated cyberattacks are designed to inflict maximum damage on an organisation’s systems and networks, steal sensitive information and render an organisation’s systems and networks unusable. This guide shows you how to protect your assets. Advanced Endpoint Protection for Dummies.

If you would like to know more about Traps and how Network Utilities can educate and support you, please get in touch with our specially trained team.

t: 020 8783 3800 e: sales@netutils.com
www.netutils.com

Credits:
You can read the full blog here written by Michael Moshiri (Director, Product Marketing, Palo Alto Networks).

Other pages of interest:
Palo Alto Networks Raises the Bar for Endpoint Security with Updates to Traps Advanced Endpoint Protection Offering. Read the full blog here.

Independent Authority Certifies that Palo Alto Networks Traps Helps Customers Meet PCI and HIPAA Cybersecurity Requirements. Read the full blog here.

About Network Utilities
Identity Centric Networks & Security

Network Utilities (Systems) Ltd have been providing identity-centric network and security solutions to organisations ranging from Telecoms and ISPs to large corporates and SMEs for over twenty-three years, partnering closely with both industry-leading and niche technology vendors to bring customers the best solutions the industry has to offer. Read more at www.netutils.com.

Webinar: Employees Are The Target – No More Zero Day Exploits – Live Trusteer Apex Demo


Trusteer Apex applies a new approach to stop advanced zero-day threats from compromising employee endpoints, without impacting the user and with minimal IT overhead. Take a look at our latest webinar for a live and compelling demo of Trusteer Apex. It’s well worth a view and will make you think twice before clicking that next email link!