Security Awareness Month continues with more coverage than ever, but still organizations are reporting theft of content. It seems that the only thing scarier this Halloween for a Chief Information Security Officer, IT Security professional or Security Operations Center than a marathon of Freddy Kruger movies is the theft or corruption of content under their domain of responsibility. If you can’t trust the safety of of your content then very bad things happen to your productivity, profitability, brand image and perhaps even your share price for publicly traded companies.
No Organization Is Immune To Unsafe Content
Statics are showing that data is becoming increasingly unsafe. In fact Statistica, the statistics Portal reports that the annual number of data breaches and exposed records in the United States from 2005 to 2015 has exponentially grown 100 fold from 157M to 1,579M.
Even the US Department of Defense is not immune. According to CNBC:
“The Pentagon says there has been a cyber breach of Defense Department travel records that compromised the personal information and credit card data of U.S. military and civilian personnel.
A U.S. official familiar with the matter says the breach could have affected as many as 30,000 workers, but that number may grow as the investigation continues. The breach could have happened some months ago but was only recently discovered.”
As you can see, cyber criminals also understand the value of your content, so will treat that as a prime target.
Content Is Not Safe Because...
Put most simply, your content is unsafe because most every security control you have put in to date has some form of exploit, Achilles heel or kryptonite:
- Firewalls deal with DDoS attacks
- Antivirus can’t address with zero-day attacks
- Sandboxes can be easily evaded but are very useful when paired in conjunction with an evasion-proof front-end
Ensuring Safe Content
In order to ensure safe content, you will need a cyber security strategy based on tools that won’t miss zero-day attacks and can’t be evaded by smart cyber criminals. Solebit’s SoleGATE (now part of Mimecast) uses a static analysis which is faster, more accurate, not OS version dependent and covers 100% of your code, with complete visibility. With SoleGATE, every line of code is evaluated, making Sandbox evasion techniques ineffective. On average, Solebit analysis time is between milliseconds up to a few seconds. Network Sandboxes typically take 5-15 minutes to perform the same analysis.
Using deep inspection and analysis methods, SoleGATE is able to interpret and detect code in real time and immediately block threats from penetrating your organization. DvC™ has no assumptions on threat heuristics and behavior and assumes that there is no legitimate reason for executable code to be present in a data file, it relies solely on identifying code existence on non-executables files. Bottom line is that you will finally have safe content!
Check out this whitepaper on an evasion-proof approach against modern cyber-attacks that can keep your content safe. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly, prevention is not.