Saturday, December 13, 2014

Picture This: Sony Hack Won’t Be the Last [feedly]

Picture This: Sony Hack Won't Be the Last
// A Collection of Bromides on Infrastructure

The FBI has warned US companies of a wave of destructive cyber attacks, in light of the recent Sony hack. I commented to eSecurityPlanet and SecurityWeek:

"These attacks are troublesome, but not surprising. Earlier this year we witnessed Code Spaces shutdown after a successful attack destroyed its cloud back-ups. Likewise, the evolution of crypto-ransomware suggests attackers are targeting the enterprise with destructive attacks. These attacks are unlike the "cat burglary" of Trojan attacks, but much more brute force like a smash-and-grab or straight vandalism."

An internal memo from Sony claims that "the malware was undetectable by industry standard antivirus." It seems that what has become industry standard is the inability of detection-based solutions to prevent these major breaches. Recall that Target was breached, in spite of a major investment in detection-based security.


The reality of the situation is that major attacks against leading brands and organizations show no signs of stopping. In the past year we have seen Target, Home Depot, eBay and many others get breached. And these are only reported breaches. There are almost certainly more sinister attacks that have still gone undetected.

Additionally, it should be painfully apparent that detection-based solutions are ineffective at preventing cyber attacks. This should come as no surprise as more than 70% of breaches in the last 3 years can be traced to a failure of endpoint security. We are witnessing a wave of sophisticated attacks that almost always involve the endpoint and almost always go undetected.

Legacy solutions are failing because antivirus security is almost 30 years old. Savvy information security professionals are recognizing the need for a new approach. Bromium eliminates the need to detect malware in advance by isolating all content in a hardware enforced microVM and denying an attacker access to the protected organization. Bromium is positioned to protect against both known and unknown attacks, including malvertising, crypto-ransomware and spear-phishing, which can be leveraged in APTs.

Next Thursday, December 18, join Bromium Sr. Director of Products Bill Gardner to learn more about how and why advanced attacks leverage spear-phishing. Register here:


Shared via my feedly reader

Sent from my iPhone

No comments:

Post a Comment