Comments on: Top endpoint security stories for June 2010 — Inability to stop new customized malware should be a wake-up call for security industry http://www.coretraceblogs.com/2010-07/top-endpoint-security-stories-for-june-2010-inability-to-stop-new-customized-malware-should-be-a-wake-up-call-for-security-industry/ The Application Whitelisting and Security Weblog Wed, 01 Feb 2012 15:10:57 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Jeffrey http://www.coretraceblogs.com/2010-07/top-endpoint-security-stories-for-june-2010-inability-to-stop-new-customized-malware-should-be-a-wake-up-call-for-security-industry/#comment-3124 Jeffrey Thu, 29 Jul 2010 14:53:13 +0000 http://www.coretraceblogs.com/?p=1879#comment-3124 "But with more targeted attacks successfully exploiting enterprises, the question that still remains is: Are we doing enough?" Of course we are not doing enough. Enterprises still have the mindset of being reactive, not proactive when it comes to network security. Until businesses move away from relying mostly on signature based products (i.e. McAfee and Symantec) they will always be one step behind the enemy. Most of the products out there are still trying to react to the aftermath of the attack and are not trying to actually stop the attack vector being used (i.e. the vulnerability). If you can protect from the vulnerability then you can stop the majority of the payloads (that signature based products can not keep up with) from being delivered to the local system in the first place. Custom malware normally targets a specific vulnerability or flaw in a system or application and uses it to propagate itself. Only a few security companies really seem to understand this concept. From day one eEye Digital Security has and they have created a fantastic security endpoint suite that addresses these security issues: http://www.eeye.com/Products/Blink “But with more targeted attacks successfully exploiting enterprises, the question that still remains is: Are we doing enough?”

Of course we are not doing enough. Enterprises still have the mindset of being reactive, not proactive when it comes to network security. Until businesses move away from relying mostly on signature based products (i.e. McAfee and Symantec) they will always be one step behind the enemy.
Most of the products out there are still trying to react to the aftermath of the attack and are not trying to actually stop the attack vector being used (i.e. the vulnerability). If you can protect from the vulnerability then you can stop the majority of the payloads (that signature based products can not keep up with) from being delivered to the local system in the first place. Custom malware normally targets a specific vulnerability or flaw in a system or application and uses it to propagate itself.
Only a few security companies really seem to understand this concept. From day one eEye Digital Security has and they have created a fantastic security endpoint suite that addresses these security issues:

http://www.eeye.com/Products/Blink

]]> By: Bob Barker http://www.coretraceblogs.com/2010-07/top-endpoint-security-stories-for-june-2010-inability-to-stop-new-customized-malware-should-be-a-wake-up-call-for-security-industry/#comment-2725 Bob Barker Tue, 13 Jul 2010 23:44:10 +0000 http://www.coretraceblogs.com/?p=1879#comment-2725 As a long-time follower of the software security market, it's clear now that security officers and others concerned about the onslaught of more nefarious types of malware are starting to catch on to the futility of trying to keep up. Over time the market will inevitably transition to whitelisting. As a long-time follower of the software security market, it’s clear now that security officers and others concerned about the onslaught of more nefarious types of malware are starting to catch on to the futility of trying to keep up. Over time the market will inevitably transition to whitelisting.

]]>