Major developments in the fundamental drivers of the threat landscape have occurred over the past 18 months, affecting organizational IT security strategies in 2011. The dip in new malware advancements in the first half of 2009 signified the shifting point of malicious R&D efforts to the new malware lifecycle phase we observed in 2010.
Three Trends – A changing R&D lifecycle phase
Considering threat landscape changes in 2010, results of the shifting malware R&D efforts that began in mid-2009 are surfacing.
- Further experimentation and transfer of threats to mobile and other non-Windows platforms.
- Increased targeting of application vulnerabilities.
- Advancing targeted data theft attacks.
Applying the technology lifecycle model to malware R&D, new development and diffusion occurs in waves. In the diagram below, the malware lifecycle timeline shows classic diminishing returns for criminal organizations as conventional Windows executable malware matured in recent years. While new developments benefits are limited initially, they eventually find niche markets before accelerating into the mainstream markets, surpassing benefits of old technologies. 2010 saw the early niche phase of new concepts in advancing targeted code like Stuxnet, mobile attacks, application exploits and other emerging weapons.
Three Critical Success Factors
The end of 2010 marks the tipping point when new malicious weapons accelerate past conventional executable malware. Consequently, defenders and targets of new cyber weapons have critical strategy decisions to catch up in 2011:
- 2011 is the pinnacle of opportunity for security organizations with flexible and proactive R&D resources to capitalize on changes through new disruptive technologies. Security vendors with R&D focused on mobile malware, vulnerabilities, targeted attacks and data protection have a head start.
- IT must accelerate migration to the next set of emerging ideas. Old reactive signature based technologies, based on risk-based security approaches, which make threat decisions based confidence levels that code is malicious, are obsolete. Organizations will secure themselves by adopting trust based security approaches, which makes which makes decisions on confidence levels that a piece of code is beneficial.
- Leaders must identify where and how disruptive technologies can create differentiation through new trust based security models. Organization must adopt strategies that increase both security effectiveness and business efficiency to save money and time. SaaS services will be adopted as failing internal IT security initiates are outsourced to expert providers.
Three Vendor Predictions
- The security arms race will go to the innovative, the observant, and the swift. Which vendors will add benefits, reduce costs, and improve processes faster than the competition?
- There is no finish line in information security. With a constantly evolving threat landscape, any win is temporary at best. Any complacency among vendors is dangerous and will be exploited by the innovative, observant, and swift.
- In the first phase of malware protection, imitators came into the market and mimicked the successful signature based protection strategies. In the next wave of protection, innovators will exploit the weaknesses in traditional vendor strategies.
Three Norman Solutions
- Norman Application Control is trust based security, allowing only proven resources, eliminating both the weakness of reactive solutions and employees unable to recognize security threats.
- Norman Device Control only allows trusted devices to access your information networks, while securing and providing access control to any data transferred to removable storage and mobile devices.
- Norman SandBox Forensic Solutions and Network Protection gives security experts the ability to efficiently and effectively make trust decisions by analyzing new code as it enters your network.
Add comment
If you find the content of this comment offensive, you can report it and our crew will have a look at it
Comments