Anti-virus software has been one of the standard weapons against online threats for the past two decades. But as the nature of online dangers changes, anti-virus software is starting to look past its sell-by date.
Nowadays, it’s not worries over traditional viruses that keep IT professionals awake at night. Their number one concern is more likely to be the targeted attack. Online criminals will stealthily approach your business, gaining access to critical systems, leaving virtually no trace.
Factor in clever new malware delivered via phishing or social engineering and you start to realise that anti-virus software is near-useless against this new generation of threats.
Professional online criminals are often behind these new threats. From stealing valuable intellectual property to coordinated attacks on bank accounts, the online attack model of today is a world away from the loud-mouthed internet vandals who used to dominate the headlines.
Today’s attacks are carried out by groups rather than individuals, are designed to steal valuable data, and often leave no trace.
What’s more, online attackers are patient. A Mandiant analysis of what are known as advanced persistent threat (APT) incidents revealed that the average period over which attackers controlled a victim's network was one year.
That’s a long time for online criminals to have access to your data without you realising.
Additionally, many of these breaches are inside jobs, where authorised users (often company employees) load malware or password-capturing software onto company systems.
In all honesty, anti-virus software has always had its weaknesses. It has to be updated daily and cannot effectively protect against new threats until they have been identified and an antidote created.
This model was flawed when most viruses were noisy and high-profile. But today, threats are silent and stealthy. With fewer organisations affected, there are fewer opportunities for the virus to be identified and neutralised.
If anti-virus software isn’t enough, then what are the options?
First off, organisations need to address any complacency that exists and start implementing security processes that are key to effective defence.
Getting the basic principles of security right is a good place to start. Creating a security checklist is relatively straightforward with help from an IT professional or supplier. Doing so gives you a clear list of recommendations and will help you identify any weaknesses in your business.
However, you also need an infallible way to detect malware if it does manage to bypass security defences.
File integrity monitoring (FIM) is an excellent way to do this. It radically reduces the risk of security breaches by warning when a change has been made to underlying, core file systems.
Flagging changes in this way makes it harder for threats to take hold, because you are notified immediately when changes occur that could indicate a stealth attack.
File integrity monitoring works best when combined with strong change management processes. This means your business needs to keep tight control over who is allowed to make changes to core software and when they may do so.
It’s not a silver bullet that will make your business impervious to online threats. But as a core plank of your security strategy, file integrity monitoring can effectively protect your data and dramatically reduce the risks your business faces.
This is a guest post from Mark Kedgley, CTO at New Net Technologies.