That said, what continues to baffle me is the ongoing practice of re-applying beatable security technologies to evolving malware, and expecting a different outcome. Time and time again, we’ve seen how increasingly ineffective traditional anti-malware products like antivirus software are at stopping modern attacks.

More recently, we’re seeing how cyber criminals can rapidly rewrite code overnight to evade even the latest security updates. The article, “Apple’s malware detection update circumvented in 8 hours,” shows us how quickly malware developers are creating new variants that can bypass security updates mere hours after the update is available. But this doesn’t apply to Macs alone. I’ve also recently talked about the Microsoft security update that was out all but three days before hackers were conducting active attacks on the same patched vulnerability.

The way I see it, it’s wrong to apply a known broken security approach to any platform, but especially wrong to do so on new ones. Whether it is a Mac, Linux, tablet or smartphone, why on earth would you use an old, ineffective approach to secure a new platform?? Doing so puts your network endpoints and critical business data at risk, and it gives cyber criminals the upper hand.

Putting short-term fixes on long-term problems is not the answer. Instead of deploying reactive solutions and hoping for the best, we need to approach IT security with a proactive vision in mind. We need a solution that provides proactive security, minimal performace impacts and clear visibility / risk profiling of all applications installed in our environment. What we need are application control solutions like CoreTrace Bouncer.

In the article, “Hackers move fast to exploit just-patched IE bug,” Symantec reported that after Microsoft issued a patch for 11 bugs in Internet Explorer last week, active attacks were spotted on one of the “patched” vulnerabilities just three days later. Although the vulnerability has seen limited attacks at this point, it is another in a long line of examples that demonstrate why enterprises need multiple layers of protection–most of which truly need to be completely out of the hands of users.

What good are security updates if hackers can jump right back in and exploit the same vulnerability? Honestly, the impact of an unpatched vulnerability would be significantly less if the endpoint protection (specifically antivirus technology) was effective at stopping the payload. As is becoming more and more evident, this is not the case. Traditional antivirus solutions are continuing to fall further behind in stopping the growing volume of malware exploits and variants.

[Time for the shameless plug. You can exit now if you don't want to know how to help actually solve the dilemma.]

Rather than reactively patching or depending on blacklists to identify and stop the tens of thousands of new online threats that come along each day (60,000 a day, according to Gartner), organizations need to take a proactive approach to not only protect their endpoints from all known and unknown malware threats, but also gain total application control of their systems to allow only what they want to run on their networks at all times.

CoreTrace’s Bouncer application whitelisting solution does this by providing complete insight and control over all installed applications across a highly distributed environment. By combining total application control with advanced, non-intrusive self-defending mechanisms, Bouncer helps organizations stop all known bad and unauthorized applications from running on any endpoints–including those that exploit a known, unpatched vulnerability.

In the article, “Malware Authors Relying on Poor User Updating Practices,” cyber criminals understand this, and are taking advantage of users’ negligence around installing the latest security updates on their PCs. According to Ralf Benzmüller, head of G Data SecurityLabs, cyber crooks are not just targeting current security gaps, they also have their eye on unclosed vulnerabilities that for one reason or another have been disregarded by users.

“Even though an enormous number of program updates are being provided, users should not be fooled into deactivating automatic update functions. Not only does this apply to Java, but it should also apply in general to all browser plug-ins used and all applications installed on the PC.”

Ironically, experts at G Data SecurityLabs also said there has been an increase in the installation of unwanted software such as fake antivirus programs, known as scareware, that trick users into downloading what they believe is extra protection against malware but is really malicious code designed to steal personal data.

The dangerous combination of poor security updating practices and users getting fooled into downloading malware programs on their computers is giving hackers an edge in the cyber crime fight. While security vendors are working on creating more secure applications, I sadly believe that there will always be vulnerable applications in our networks. Because of this, businesses should focus on stopping the payload that is deposited. Once the payload is executed, that’s when the damage is done.

This is another reason to consider application whitelisting solutions. With application whitelisting, it doesn’t matter how the malicious code gets deposited — whether through opening a bad attachment, a drive-by from hitting a bogus website, or a vulnerability — because all unauthorized applications are prevented from running. If you can’t change user behavior, stop the payload.

Today, there are a number of different social engineering techniques that cyber criminals are using to deliver malware to end users, including:

Email from a friend: Users get a message from a friend telling them to view a video. When the link asks to download some required software, they are actually downloading a malicious program.

Spam: Hackers are using unsolicited email spam to send Trojan horses to individuals, hoping to dupe people into downloading fake advertisements that deliver malicious code onto their machines.

Spearphishing: Criminals create a maliciously encoded document that the victim is likely to open such as a follow up from a recent conference or a planning document from a partner organization.

Fake AV warnings: Criminals are hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Downloading these will infect a machine.

Malicious websites: Hackers trick search engines into linking to malicious websites that look like they have interesting stories or video about the hottest news topics.

While these threats can be perceived as consumer-related issues, businesses only need to look at this information in regards to “their employees” to understand how social engineering attacks can jump from end-users to corporate networks. The fact is, if an employee is tricked into downloading malware, the infected machine that is connected to a network can put corporate data and systems at risk.

The truth is, we will never be able to control our employees’ online behavior. Nor, is it realistic to train or re-train every employee perfectly. Because of this, the key to preventing malware attacks is to stop the payload from getting on the network. Application whitelisting does this by preventing the execution of any unauthorized application from running on a machine, no matter how the malware is delivered.

The one thing that these types of events bring to light is the importance of security with cloud providers. According to the recent article, “Symantec executives caution customers on cloud provider security,” as more and more businesses turn to cloud services, they need to hold their providers to the same security standards that they adhere to because they can still be liable if their data is breached.

Whether an organization’s business assets are on-premise or reside in the cloud, securing critical data needs to be the No. 1 priority. The top challenge is finding an anti-malware solution that protects data without compromising the productivity of their systems. Unfortunately, using traditional antivirus products alone is not the answer. For many companies that continue to rely on antivirus solutions to protect their networks, the challenge remains because of two significant factors.

First, antivirus can’t keep up with the tens of thousands of new malicious software that surfaces every day. With about 55,000 new viruses popping up daily, catching all the “known” malware coming through is impossible with reactive antivirus products. Second, as blacklist-based solutions try to keep up, the constant scanning for threats and downloading signature updates are eroding the overall performance of their systems.

As a result, organizations need a solution that provides maximum endpoint security without reducing system performance. Bouncer by CoreTrace does both. Using application whitelisting technology that doesn’t require file and system scanning or frequent signature updates, Bouncer stops the execution of any unauthorized applications without slowing down the system–in physical or virtual environments. Don’t just take my word for it, check out the Citrix Security Challenge page where the short video, “Maximizing Security & Performance of Citrix XenDesktops with CoreTrace Bouncer” received the most community votes. Even in the cloud, you can have security and performance at the same time.