Modern Malware and the Balance Between IDS and IPS

Palo Alto Networks' Wade Williamson poses some interesting questions in the article below. In the fight against malware and APTs, we are in large part being forced to regress to the threat detection phase of the game, where many security teams are only able to detect when they are hit and can do very little about it. It is critical that when we regress from prevention to detection we understand why, and how we can respond. For instance, what is the path for returning to an automated approach of threat prevention? Is it even possible? How do we get there from here, and what can we do in the meantime? These are the important questions that we need to answer if we are going to actually make use of the lessons that we learned in the past, instead of simply reliving them in our present. To protect your assets and users you have to get between them and the threats, and this means deploying security solutions in line.

Evidence? … Empirical Data? … Actionable Information? …

It would only take a couple of hours of your time.

By now you have probably seen a lot of information on Palo Alto Networks and their Next Generation Firewalls. You may have even spoken to one of our customers about the control and visibility that an application-aware and user-aware firewall provides. You might also be wondering how a firewall can also be the top-rated Intrusion Prevention System in the world based on NSS Labs testing.

I want to give you an opportunity to see this technology in action, on your network, in a completely non-intrusive fashion, all in about 2 hours. Drop me a line for more information.

Information security is a job that requires the ability to recognize change and adapt, whether that means adapting to changing threats, to regulatory and business requirements, or to advances in information technology itself. Yet the flip side of that coin is that our latest, seemingly insoluble challenge is often simply a new instance of a problem we have already confronted before. This seems particularly true in the case of threat prevention today, where in many ways the industry is reverting from a threat prevention strategy to a threat detection strategy when dealing with modern malware and advanced persistent threats (APTs).

Today the threats are new, the solutions are new, and it often feels like the best a security team can hope for is to identify that an attack has occurred and begin remediation. Of course, many in IT security have seen this dynamic before, in the evolution from IDS (intrusion detection) to IPS (intrusion prevention).

In the early days of threat prevention, intrusion detection was all that was possible. First, detecting exploits required deeper analysis than the industry had performed in the past, which meant it was often too slow to be placed in line where prevention could occur. Second, false positives were common, so security teams were reluctant to block a threat without doing some investigation first. Over time these solutions matured to become faster and more accurate, to the point that the vast majority of enterprises use an IPS or prevention approach today.

The benefits of prevention are pretty obvious. Threats are blocked before they ever reach the target, and the systems are automated so that staff don't have to manually investigate each event. In short, with prevention we get better protection while requiring less human intervention.

In the fight against malware and APTs, we are in large part being forced to regress to the threat detection phase of the game, where many security teams are only able to detect when they are hit and can do very little about it. It is critical that when we regress from prevention to detection we understand why, and how we can respond. For instance, what is the path for returning to an automated approach of threat prevention? Is it even possible? How do we get there from here, and what can we do in the meantime?

These are the important questions that we need to answer if we are going to actually make use of the lessons that we learned in the past, instead of simply reliving them in our present.

That's why I chose to focus on this topic in my SecurityWeek column this week. In the article I cover some important "need to knows": that not all advanced threats are created equal, that understanding context is the key, and why network chops are a must, all while keeping in mind how we can learn from the past to live in the present.


The post Modern Malware and the Balance Between IDS and IPS appeared first on Palo Alto Networks Blog.
