“These typically exploit browser vulnerabilities, but another threat vector is through infecting search results,” said Lam. “Hackers and criminals have become savvy enough to use the top search terms at any time and infect those search results with malware-infected web pages.”
“The attackers' main aim is to gain sensitive information like credit card or bank account information for monetary gains,” he added.
With such a dynamic threat landscape, Symantec advocates similarly dynamic and comprehensive defences to protect individuals and organisations from such threats. These include reputation security, intrusion protection, gateway filtering, encryption, removable media controls, data loss prevention, and network threat and vulnerability monitoring.
“Different combinations of security components will provide protection against different threats,” said Lam. “For example, using device management and security together with identity access can provide defence against mobile threats.”
Another important strategy for unknown threats is reputation-based detection, which involves rating every executable file on every client. “This will be the key for new and unknown viruses,” said Lam. “We have a technology that looks at hundreds of attributes for every potentially infectious file it encounters, building a security rating around the file's actual behaviours. Known files like Excel are good, and all known bad ones are automatically blacklisted, and new files are automatically suspicious.”
In line with the keynote to focus on business processes to combat security threats, Check Point Software Technologies advocates looking at security from a holistic view.
Andrew Namboka, Major Accounts Manager, Check Point Software Technologies, noted that with the advent of cloud computing, virtualisation and mobile devices, one of the main issues is complexity. “It has been a wake-up call for us,” he said. “There have been new environments for security to address.”
As such, Namboka believes that security must be a business process and organisations’ best practices have to align technology and security elements, with control being of particular importance. “It is about people and policies, but also about enforcement,” he said. “It is about the behaviour of people, and the controls to enforce.”
However, in order to make sense of controls, visibility is needed across technologies and there is a need to have a system to classify and track applications across the enterprise. “You have to know which asset corresponds to [which] particular security events or incidents in order to take action,” Namboka said.
“Still, security is about working with human beings, and enforcement is not useful on a piecemeal basis,” he added. “Involve users through training and education and you will find that the burden on IT will go down significantly.”