If you’ve visited the websites of every cyber security vendor in the last month, then your head is probably about to explode because it appears that everyone says the exact same thing (with almost the exact same words). Should we really believe that every approach to “preventing zero-day malware and cyber threat” from affecting your organization are equally effective and have the same cost and resource requirements? Or is there another story at work here?
Don't Confuse Marketing With Reality
First and foremost, we need to recognize that websites, datasheets, videos and presentations are largely the result of some marketing professional plying their craft. Said more bluntly in other words, they are trying to sell you something. In his Raconteur article titled “Marketing to confuse the competition”, Rory Sutherland sums it up nicely:
“Typically, the dominant culture of a business has the regimented mentality of the air traffic controller, whereas the marketer needs to be a game theorist. The first needs to have a love of the obvious; the second needs to have a paranoid fear of the obvious. And, while most of the company will be obsessed with efficiency, truly efficient marketing is not really marketing at all, it is merely noise.”
Now, we are certainly not suggesting that all marketing is bad, we are just suggesting that you look at the fine print and truly compare approaches as close as possible to a norm.
Cyber Threat Prevention Comparison
Especially when it comes to cyber threat prevention, can you truly believe that all approaches truly prevent all cyber threats equally and with the same cost and resource requirements or do they have a distinctive competence and/or cost requirement based on their design?
Although there are literally thousands of approaches for various segments of the cyber security space, for today’s blog we will limit it to those that attempt to “prevent zero-day threats” from impacting your organization:
- Sandboxes (behavior-based analysis): This approach assumes that everything coming into your IT environment may be infected so it effective quarantines everything to “detonate” suspicious activity in a safe environment away from production systems. On the positive side… The challenge comes in the form of huge time delays to parse content, the amount of resources (technology and people) to create duplicate environments of everything to define a quarantine and the fact that there are well known (and published) ways to evade sandboxes.
- Threat prevention appliances: This approach assumes that you would prefer a turnkey solution that is “plug and play” hardware and software combined for managing your behavior-based cyber threat prevention solution. On the positive side this will give you “one throat to choke” when problems arise, and you don’t have to think about hardware/software compatibility. The challenge comes as the appliance ages
- Content Disarm and Reconstruction (CDR): This approach assumes that you will want to still use any infected content found so it will attempt to rebuild that content without the malware. It works a lot like behavior-based solutions but with the added step of rebuilding the original content into a usable form. On the positive side this catches most malicious code before it can impact your organization but has the added benefit of allow the infected files to be used as well. The challenge here comes in all of the items listed above under sandboxes as well as adding even more time delays for the rebuild effort and that the integrity of the original file is not always possible to recreate.
- Microsegmentation: This approach assumes threats can be anywhere inside and outside of your network (and are probably everywhere) and then acts accordingly, but also delivers the operational agility of network virtualization that has become foundational to a modern software-defined data center. Specifically, segmenting the network and applications into functional areas and using policy management to control a data flow and user access in order to isolate potential threats before then can impact your organization. On the positive side this combines network virtualization along with security and ensures policies are enforced throughout. The challenge comes in managing the potentially thousands upon thousands of segments could have something slip through the cracks and that while microsegmentation will catch and stop malware, it usually can’t remediate it.
- Static Analysis: This approach assumes that executable code in any type of non-executable content such as data files and data streams is malware, and therefore should not be permitted to enter any organization. This approach is as effective in the public and private cloud as it is on premise and works equally fast and with similar resources. On the positive side this is the fastest and most cost-effective approach to handling the sheer volume of content coming into your environment. The challenge can come when malware exists in new executable code coming into your organization in the form of applications.
SoleGATE™ has been architected from the beginning to find code hidden in content and with the right degree of flexibility to deliver end-to-end security across a changing threat landscape that could be initiated from different attack vectors such as: email, web, and cloud office applications. It is agnostic to the underlying infrastructure implemented and is able to protect in hybrid environments with a mix of virtual, hardware, and XaaS-consumed infrastructure. Whether on-premise or in the cloud, SoleGATE operates consistently, totally separating environment variables from security logic. Managed centrally, SoleGATE gives customers the flexibility and consistency to have a truly end-to-end security that is not restricted to a certain vertical.
Get Solebit’s whitepaper on a transformative, evasion-proof approach against modern cyber-attacks that doesn’t require sandboxing. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly, prevention is not.