Advanced malware prompts security refresh

Stefanie Hoffman muses on the future of security offerings as threats become ever more sophisticated

You only have to look at headlines to know that advanced malware is on the rise and becoming more pervasive. But it's often difficult to put that in real terms.

Vendor FireEye has just put out a threat report suggesting that advanced malware is so prolific that organisations experience a malicious email file attachment or URL dodging traditional security products once every three minutes on average. That means the channel will have to rethink, and likely repurpose, legacy offerings from here on out.

FireEye's 2H 2012 Advanced Threat Report attempts a big-picture overview of the threat landscape of global cyber attacks, especially those that circumvent traditional defences.

That includes tried-and-true products such as firewalls, next-generation firewalls, IPS, anti-virus and security gateways.

One interesting finding, in my view, was how often organisations were subjected to advanced malware - as often as once a minute in some technology sectors. The rate of attack varies by industry and level of security infrastructure; some industries are attacked cyclically while others see a more irregular pattern of attack.

Unsurprisingly, the report found that spear phishing remains the most popular attack vector. Zipped files were the most common mechanism for delivering malware.

This seems to be a winning recipe. In a spear phishing campaign, attackers use personal names, common business terms, and known applications to lure victims into opening emails or attachments, which makes it hard for users to identify the communication as a malware attack.

Meanwhile, advanced attack methods are compounded by new technologies designed to evade previously robust and impenetrable security mechanisms. For example, FireEye said it had uncovered malware that executes when users move a mouse, which can dupe sandbox detection systems.

Attackers are also having more success with DLL file attacks. Most users now recognise .exe files as risky. But DLL files appear more innocent.

That means that advanced malware not only escapes recognition on download, it continues to evade detection after the attack has been executed, ultimately prolonging the infection.
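The two delivery details above, zipped attachments and DLLs that users do not treat as executables, suggest one cheap mail-gateway check: look inside the archive and judge each member by its content, not just its name. The following is an added example written for this article, not code from FireEye or the report; the risky-extension list and the sample archive are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions users tend to treat as harmless but which Windows loads as code
# (constructed list for this example; extend to suit the mail flow you protect).
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".cpl"}
PE_MAGIC = b"MZ"  # DOS header at the start of every Windows PE file (.exe, .dll, ...)


def scan_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member that is, or looks like, a Windows executable.

    A member is flagged if its extension is in RISKY_EXTENSIONS or if its first two
    bytes are the PE magic, so a DLL renamed to .txt is still caught.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with zf.open(info) as member:
                head = member.read(len(PE_MAGIC))
            by_ext = ext in RISKY_EXTENSIONS
            by_magic = head == PE_MAGIC
            if by_ext or by_magic:
                findings.append(
                    {"name": info.filename, "by_extension": by_ext, "by_magic": by_magic}
                )
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment: a benign note, a DLL, and a PE hiding behind .txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "quarterly figures attached")
        zf.writestr("invoice.dll", PE_MAGIC + b"\x00" * 62)  # fake PE stub, not a real DLL
        zf.writestr("readme.txt", PE_MAGIC + b"\x00" * 62)   # executable with a harmless name
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_attachment(build_sample_zip()):
        print(finding)
```

Checking the magic bytes is what catches the renamed member; an extension-only filter would pass `readme.txt` straight through to the user.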

As always, the channel will be on the front line of defence. Thus far, security resellers have done well with offerings such as anti-malware, firewalls and IPS.

That's probably about to change. With no foreseeable end in sight to advanced malware trends, the channel is inevitably going to have to rethink its strategy when it comes to security.

That means raising the overall bar with better offerings, new customer security policies, and more comprehensive services that use deep-dive forensics and analytics while aiming for new approaches to data protection services.

Resellers need to start assuming that any attack on a customer can now defeat the very security infrastructure they have come to rely on.

Of late, a growing number of advanced-malware defence options have emerged for providers. The proliferation of advanced malware has produced a groundswell of dedicated firms such as FireEye and Damballa.

Legacy players such as Sourcefire, Fortinet, HP and EMC/RSA have also got in on the game with their own offerings that attempt to combat APTs while nabbing larger slices of market share.

It's clear that this is the way the game is going to be played from here on. The time has come for the channel to refresh security portfolios with an advanced threat makeover.

Stefanie Hoffman is West Coast editor and senior associate at Channelnomics

As part of our special editorial relationship, CRN is publishing this article from Channelnomics