With mallet in hand, you stand before a mechanical game board with between five and seven holes (depending on which version of the game your local arcade had). You drop in 2-3 quarters and the game begins: plastic moles pop out of random holes at ever-increasing speed, and you pound them mercilessly before they can retreat back into their holes. You score points for every timely direct hit, and can only really achieve a perfect score with the help of others (i.e. by cheating). This game seems to have become the ideal resume builder for IT security professionals today.
Google's Security Princess
Last week’s Black Hat keynote by Google’s “Security Princess” Parisa Tabriz started by reminding us of this arcade game and its relation to cyber security defense strategies and went on to assure us that “BLOCKCHAIN WOULD NOT SOLVE ALL OF OUR SECURITY PROBLEMS” before then giving us the 3 prime directives for success:
“01 TACKLE THE ROOT CAUSE
02 PICK MILESTONES & CELEBRATE
03 BUILD OUT YOUR COALITION”
The rest of the keynote took a deeper dive into each of these directives, but those who follow this blog know that we focus on “01 TACKLE THE ROOT CAUSE” because we believe that prevention is always better than remediation. For those of you not lucky enough to be in Las Vegas last week for this presentation, you can enjoy her entire keynote on YouTube here. Her talk starts at the 23.35-minute mark.
The Definition Of Futility
As Parisa Tabriz’s keynote continued, she suggested taking the “5 whys” approach to get to the heart of root cause analysis. Although she admitted this seems simple, she also pointed out that most companies don’t even ask the first why and instead reach for a quick-fix point solution to the immediate problem. This, of course, is the definition of futility: doing the same thing and expecting a different result. A basic understanding that executable code does not belong in any content or data stream will allow you to change the rules and tackle the root cause in real time. You can also get a refresher on the 5 keys to cyber threat prevention if you are looking for more specific actions to take.
Change The Rules
In order to tackle the root cause, you will need a cyber security strategy based on tools that won’t miss zero-day attacks and can’t be evaded by smart cyber criminals. Solebit’s SoleGATE (now part of Mimecast) uses static analysis, which is faster, more accurate, not dependent on OS version, and covers 100% of your code with complete visibility. With SoleGATE, every line of code is evaluated, making sandbox evasion techniques ineffective. Solebit analysis time typically ranges from milliseconds up to a few seconds; network sandboxes typically take 5-15 minutes to perform the same analysis.
Using deep inspection and analysis methods, SoleGATE is able to interpret and detect code in real time and immediately block threats from penetrating your organization. DvC™ makes no assumptions about threat heuristics or behavior; it assumes only that there is no legitimate reason for executable code to be present in a data file, and relies solely on identifying the presence of code in non-executable files. Bottom line: you will finally have safe content!
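As an added illustration of the principle above (this is example code written for this post, not SoleGATE's or DvC's actual implementation, which is not described here): a small Python detector that flags native executable headers and VBA macro projects embedded in files that are supposed to be pure data. The signature list and the sample files are constructed for the example.

```python
import io
import struct
import zipfile
# Magic bytes of native executable formats (constructed list for this example)
EXEC_MAGICS = {
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit executable",
}

def find_pe(data):
    """Offsets of DOS 'MZ' headers whose e_lfanew points at a real 'PE\\0\\0' signature."""
    hits, start = [], 0
    while (i := data.find(b"MZ", start)) >= 0:
        if i + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, i + 0x3c)  # e_lfanew lives at 0x3c
            if data[i + e_lfanew : i + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(i)
        start = i + 1
    return hits

def find_embedded_code(data):
    """Return sorted (offset, description) pairs for every piece of code found in a data file."""
    findings = [(off, "PE executable") for off in find_pe(data)]
    for magic, name in EXEC_MAGICS.items():
        start = 0
        while (i := data.find(magic, start)) >= 0:
            findings.append((i, name))
            start = i + 1
    if data[:2] == b"PK":  # OOXML documents are zip containers; vbaProject.bin holds VBA macro code
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    findings.append((0, "VBA macro project"))
        except zipfile.BadZipFile:
            pass
    return sorted(findings)

def build_samples():
    """Constructed inputs: a clean PNG-like blob, the same blob with a PE stub, and a macro-bearing zip."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
    pe_stub = b"MZ" + b"\x00" * 0x3a + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in (("[Content_Types].xml", b"<Types/>"), ("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")):
            zf.writestr(zipfile.ZipInfo(name, date_time=(2020, 1, 1, 0, 0, 0)), body)
    return {"clean.png": png, "tainted.png": png + pe_stub, "macro.docm": buf.getvalue()}

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, find_embedded_code(blob) or "no code found")
```

Note that a bare "MZ" is not enough to flag a file; the check follows e_lfanew to the PE signature, which keeps random binary data from tripping the detector.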
Check out this whitepaper on an evasion-proof approach against modern cyber attacks that can keep your content safe. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly, prevention is not.