By Tom Clare, senior director of product marketing, Websense
The opportunities in the IT security market are incredibly rewarding for those who understand how to tackle today’s sophisticated threats.
According to Gartner, spending on IT security services will reach more than $49 billion by 2015. That’s tens of billions of potential for value-added services like risk assessments, compliance consulting, and data protection. So, what does it take to bring customer environments in line with today’s advanced threats and take advantage of this opportunity? There are a number of ingredients to success, but there is one that will make or break your security practice: finding a comprehensive security platform that can stop threats in real time.
It isn’t enough to just block attacks with antivirus, firewalls, and URL filtering anymore. Traditional defenses, while still required, are proving to be less effective against advanced threats and data theft. Our researchers have been diligently analyzing advanced threats to learn how cybercriminals are stealing data. Here are a few insights we’ve uncovered:
Criminal Encryption — The bad guys have been using proprietary encryption methods to hide malicious payloads and communications from traditional content inspection and security checkpoints. To combat this, you need a solution that can examine communications and files obscured by nonstandard encryption. Criminally encrypted uploads can then be detected and blocked, and alerts can be triggered.
“Nondocument” Data Theft — When is a document not a document? When it is an image. Up until now, data loss protections have not been able to analyze data in images while it is in motion or in use, and data thieves know it. Criminals are accessing proprietary files and using images or another nondocument form to steal the data. That’s particularly scary considering the prevalence of smartphone cameras in the enterprise and the fact that many companies store confidential data in image form. Look for a security solution that provides optical character recognition (OCR) for data-in-motion through Web gateways, data-in-use with end-point security, and data-at-rest with data discovery.
“Low And Slow” Data Theft — Organizations often have a threshold in place defining how many incidents of confidential information per document or request can leave the organization. Bad guys learn these thresholds and steal data under the designated allowance by sending out items in small batches, in what is referred to as the “low and slow” approach. Be sure your security solution is capable of recognizing this pattern of behavior across multiple requests over a defined time period to prevent “low and slow” data theft. Also, for any security incident, it is preferable for administrators to have forensic data capture functionality alongside forensic reporting details.
Email Security Evasion — Cybercriminals know that email security solutions will block emails containing known embedded links to malicious websites. So, they’ve developed a sort of malware time-release capsule to evade these measures. They now send emails with lures to specific website links, but wait a few days before uploading the malicious code to the site, giving the email enough time to pass through email security checks. If it is sent on a Friday night, for example, it passes through the email security checks as clean, then late on Sunday the destination of the Web link is weaponized. The user is then on track for infection on Monday. Advanced security solutions now have the capability to mark these emails with embedded links for real-time cloud sandboxing analysis for point-of-click protection whenever and wherever the email is opened.
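The “low and slow” item above comes down to counting confidential records per user across a time window instead of per request. The following sketch is an added example, not code from this article or from any Websense product; the thresholds, the event fields, and the sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; the article does not give numbers.
PER_REQUEST_LIMIT = 5        # sensitive records allowed in a single request
WINDOW_SECONDS = 24 * 3600   # look-back period for cumulative counting
WINDOW_LIMIT = 20            # sensitive records allowed per user per window

def detect(events):
    """events: (epoch_seconds, user, sensitive_record_count) tuples in time order.
    Returns alerts as (epoch_seconds, user, kind, count)."""
    windows = defaultdict(deque)   # user -> recent (ts, count) pairs
    totals = defaultdict(int)      # user -> running sum inside the window
    flagged = set()                # users already alerted for the current burst
    alerts = []
    for ts, user, count in events:
        if count > PER_REQUEST_LIMIT:
            alerts.append((ts, user, "per_request", count))
        win = windows[user]
        win.append((ts, count))
        totals[user] += count
        # Drop requests that have aged out of the look-back period.
        while win[0][0] <= ts - WINDOW_SECONDS:
            totals[user] -= win.popleft()[1]
        if totals[user] > WINDOW_LIMIT:
            if user not in flagged:   # alert once when the line is crossed
                flagged.add(user)
                alerts.append((ts, user, "low_and_slow", totals[user]))
        else:
            flagged.discard(user)
    return alerts

# Constructed sample data: alice sends 4 records an hour (always under the
# per-request limit), bob sends 9 at once, carol sends 4 every two days.
SAMPLE_EVENTS = sorted(
    [(h * 3600, "alice", 4) for h in range(8)]
    + [(1800, "bob", 9)]
    + [(d * 172800, "carol", 4) for d in range(3)]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A per-request check alone flags only bob; the windowed total flags alice on her sixth request, while carol's widely spaced requests never accumulate.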
Together, these innovations provide a solution greater than the sum of their parts. For the channel, this kind of comprehensiveness offers a foundation to build more profitable security services and value-added products into a portfolio. And it provides the kind of visibility that makes it easy to communicate to the customer how much value the partner is bringing to the table.