Proactive prevention techniques


Cyber-attacks are a growing threat to organizations and individuals and need to be handled carefully. Harry Sverdlove, Chief Technology Officer of Bit9 + Carbon Black, explains how Bit9 + Carbon Black detects and responds to these attacks in real time.

Please give us more details about the products that you provide.

Bit9 + Carbon Black is the leader in endpoint threat prevention, detection and response. We offer comprehensive and proactive solutions to ward off network threats that target endpoints and servers. Our solutions effectively detect breaches, helping our clients efficiently respond and swiftly stop any attack from hackers.

The solutions we provide are made stronger through the combination of Carbon Black’s lightweight endpoint sensor with Bit9’s industry-leading prevention technology. It is worth noting that Carbon Black’s endpoint sensor, which can be rapidly deployed with no configuration, can detect and respond to threats in seconds.

The integrated Bit9 and Carbon Black technologies deliver the following results: continuous, real-time visibility into what is happening on every computer; real-time threat detection that does not solely rely on signatures; instant response by seeing the full ‘kill chain’ of any attack, and proactive and customizable threat prevention.

How can your solutions detect data breach?

Bit9 + Carbon Black is the first and only endpoint security solution that gives IT security operations and incident response professionals endpoint threat detection and response capabilities to detect and respond to cyber-attacks in real time. Carbon Black goes beyond malware signatures with an “always-on” endpoint sensor, signature-less threat detection capabilities, and insight into the full kill chain of a security incident so that you can rapidly respond to and contain each threat.

How do they respond to that and ensure recovery?

At the heart of Bit9 + Carbon Black’s proactive prevention capabilities is our proven, proprietary, policy-driven approach to whitelisting, which allows only software you trust to run and treats everything else as suspicious. To minimize end-user impact, Bit9 + Carbon Black has developed three levels of “Default-Deny” protection:

- Low enforcement: Records all device activity but allows all programs to run uninterrupted by default, unless explicitly banned by IT. IT can set up alerts to be notified of suspicious activity.

- Medium enforcement: End-user approval is required before any unauthorized application can run. User-driven approvals are limited to only that end user’s machine. All device activity is recorded and logged for IT.

- High enforcement: Allows only software IT has approved as trusted to run; all other software requires explicit approval. All device activity is recorded and logged for IT.

“Default-Deny” is the industry’s best protection against malware, advanced attacks and zero-day threats and is recommended in high-enforcement mode for servers, point-of-sale and fixed-function devices, as well as high-risk desktop and laptop devices containing sensitive information.
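As an added illustration (this is not part of the interview and not Bit9 + Carbon Black’s code), the following Python models the three enforcement levels above as a policy decision over a file’s hash: explicit bans always win, IT approvals are global, end-user approvals are scoped to the machine they were made on, and every execution attempt is recorded regardless of level. The policy fields, decision names, host/user names and the sample “binaries” are assumptions constructed for the example.

```python
"""Minimal model of a policy-driven application allowlist with three
enforcement levels (low / medium / high). Added example; the policy
layout, decision names and sample inputs are assumptions, not any
vendor's format."""
import hashlib
from dataclasses import dataclass, field

# Decisions the policy engine can return for an execution attempt.
ALLOW, BLOCK, PROMPT = "allow", "block", "prompt"


@dataclass
class Policy:
    enforcement: str                                  # "low", "medium" or "high"
    approved: set = field(default_factory=set)        # hashes IT approved (all hosts)
    banned: set = field(default_factory=set)          # hashes IT explicitly banned
    user_approved: dict = field(default_factory=dict) # host -> {hashes the user OK'd}
    events: list = field(default_factory=list)        # every attempt, every level


def file_hash(content: bytes) -> str:
    """Identify a binary by the SHA-256 of its contents."""
    return hashlib.sha256(content).hexdigest()


def evaluate(policy: Policy, host: str, user: str, content: bytes) -> str:
    """Decide whether `content` may run on `host`, and record the attempt."""
    h = file_hash(content)
    if h in policy.banned:
        decision = BLOCK                  # a ban overrides every other rule
    elif h in policy.approved or h in policy.user_approved.get(host, set()):
        decision = ALLOW                  # IT-trusted, or approved on this host
    elif policy.enforcement == "low":
        decision = ALLOW                  # unknown software runs, but is recorded
    elif policy.enforcement == "medium":
        decision = PROMPT                 # unknown software needs the end user's OK
    else:
        decision = BLOCK                  # high: only approved software runs
    policy.events.append((host, user, h, decision))
    return decision


def user_approve(policy: Policy, host: str, content: bytes) -> None:
    """Record an end-user approval; it applies only to that user's machine."""
    policy.user_approved.setdefault(host, set()).add(file_hash(content))


# Constructed sample "binaries" (arbitrary bytes standing in for executables).
TRUSTED = b"MZ\x90\x00 signed-corporate-app"
UNKNOWN = b"MZ\x90\x00 unknown-download"
DROPPER = b"MZ\x90\x00 known-bad-dropper"


def demo() -> dict:
    """Run the same three files through each level; returns the decisions."""
    results = {}
    for level in ("low", "medium", "high"):
        p = Policy(level, approved={file_hash(TRUSTED)}, banned={file_hash(DROPPER)})
        results[level] = [evaluate(p, "pc-1", "alice", f)
                          for f in (TRUSTED, UNKNOWN, DROPPER)]
    return results


if __name__ == "__main__":
    for level, decisions in demo().items():
        print(f"{level:6s} {decisions}")
```

The point the model makes concrete is the one the interview stresses: at medium enforcement an approval granted on `pc-1` does not make the same file run on `pc-2`, and a banned hash stays blocked even if a user approves it locally.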

What is your opinion about the security market in the MENA region?

We see the MENA region as a highly important and significant security market. The dramatic increase in investment in IT infrastructure over recent years in MENA has made the region a target for cyber-crime, and we are seeing more and more breaches occurring in the region. Cyber criminals are not limited by geographic boundaries. They will attack governments, organizations and companies anywhere in the world.

What are the latest common threats?

One of the immediate network security threats today is the avoidance or bypassing of the network. With the proliferation of mobile computing, attackers can now easily hack into devices such as smartphones by circumventing the more traditional network security layer. Another alarming trend is targeting third party services and cloud applications to obtain unauthorized access to data. This is the result of the increasing practice among companies to store their sensitive and confidential data outside of the traditional corporate perimeter.

How can security professionals evolve their cyber security?

It is essential for security experts to get an in-depth understanding of cyber security threats and other challenges and, from there, take an appropriate and bold approach to actively address all issues. For example, a large number of cyber-attacks these days are custom-made, meaning hackers use signatures unique to each attack to avoid easy detection. To address this threat, companies must invest in advanced security approaches that do not depend solely on simple signatures and known blacklists of IP addresses or files. Another way to make it difficult for attackers to hide their behaviors across multiple layers is the proper integration of security tools.

Remember that the most significant measure is to always be one step ahead of your attackers. Security professionals must always be aware of the current and future threats and challenges. One of the tested measures to address each challenge effectively and efficiently is utilizing advanced solutions to aid security experts in providing the best network and cyber security and protection.

How can organizations and enterprises prepare themselves to prevent advanced attacks?

As I pointed out earlier, proper integration of security tools helps prepare companies to prevent such attacks. Numerous firms are now outsourcing their security needs to third-party service providers to ensure efficient management of multiple technologies and thorough investigation of cyber threats. Organizations ranging from the largest global corporations with complex infrastructures to small local businesses that do not have the resources to establish their own security operations centers have been increasingly relying on third-party providers for their network security needs and requirements.

In the era of BYOD (Bring Your Own Device), how can that be applicable?

As more and more employees are bringing their own mobile devices into the office, the key is to ensure that those devices can’t transfer any malware onto endpoints and servers. By protecting those business devices with Bit9 + Carbon Black, even if someone has a phone, tablet, thumb drive or a similar device, with some type of malware on it, any attempt by that malware to infect a PC, laptop or server will be stopped by Bit9 + Carbon Black.

What are the differences between internal and external threat intelligence?

You can never have too much threat intelligence. The key is to be able to process that threat intelligence so you can take meaningful action to protect your endpoints and servers. That is why we added third-party threat intelligence, including attack classification, to our Threat Intelligence Cloud service, which also includes the Software Reputation Service and ATIs (advanced threat indicators).

What are your future plans?

Our goal is to provide our growing base of worldwide customers with the most robust and comprehensive prevention, detection and response capabilities in the market. As the techniques, technology and boldness of threat actors continue to grow, we are focused on continuously expanding the capabilities of our products and services, enabling our customers to stay ahead of the bad people and keep their endpoints and servers safe from the worst threats.

About Harry Sverdlove
Harry Sverdlove is the Chief Technology Officer of Bit9 + Carbon Black. Prior to joining Bit9, he was principal research scientist for McAfee, Inc., where he supervised the overall architecture of crawlers, spam detectors and link analyzers.

Harry joined McAfee through its 2006 acquisition of SiteAdvisor Inc., where he was chief scientist and developed systems for testing, detecting and analyzing any Windows-based application.

Prior to SiteAdvisor, he ran his own consulting company specializing in Windows automation and spam detection. He also was director of engineering at Compuware Corporation (formerly NuMega Technologies). Prior to NuMega, Harry was principal architect for Rational Software. He holds a Bachelor’s degree in Electrical Engineering from the Massachusetts Institute of Technology.
