According to a new ESG report entitled “Advanced Malware Detection and Prevention Trends”, a surprising number of enterprise-level security professionals don’t have the requisite advanced malware detection skills to stop today’s cyber threats. Specifically:
- 40% of security professionals are either “not very familiar” or “not at all familiar” with polymorphic malware (i.e. advanced malware that constantly changes, and is therefore very difficult — if not outright impossible — to prevent with conventional anti-virus software and on-site appliances).
- 41% of security professionals are either “not very familiar” or “not at all familiar” with modern malware packing techniques (i.e. obfuscation techniques used by adversaries to remain undetected).
- 50% of security professionals are either “not very familiar” or “not at all familiar” with command and control (C&C) communications methods.
And if your response to the above is on the jaw dropping/eye-opening side, Network World’s Jon Oltsik knows how you feel.
“This data sure seems alarming to me,” wrote Oltsik. “How can security professionals prevent, detect, or respond to malware attacks if they don’t know what to look for in the first place? Yikes! Additionally, why are so many security professionals in the dark here?”
In an effort to answer Oltsik’s big question – or, at least, get the ball rolling towards a solution – ESG suggested three root causes for the “darkness”:
- A major skills shortage in the network security field, which has left overworked and under-resourced security teams trying (and ultimately failing) to thwart increasingly sophisticated APTs and advanced malware.
- An old-fashioned approach to network security that is rooted in “prevention”, and as such focuses exclusively on aspects like software updates, vulnerability scans, and so on.
- A prevailing belief that APTs and advanced malware can be stopped by deploying network sandboxing gateways, in the same way that spam filters were deployed to stop spam, and web gateways were deployed to stop web threats.
With respect to root cause #1, while a lasting solution will take quite a while, there appears to be some forward progress. For example, as we wrote about in June, the UK government has invested £4 million to help Royal Holloway University launch a cyber security doctoral training program. Hopefully, this is just the first of many similar initiatives across the world that will help address this glaring advanced malware detection skills shortage.
With respect to root causes #2 and #3, the common theme is that many security professionals – and hence the enterprises they are expected to protect – are simply not prepared to deal with the volume, sophistication and, frankly, the viciousness of today’s cyber threats. Yes, the tools and approaches they rely on to stay safe – e.g. anti-virus software, next-generation firewalls, secure web gateways, and so on – are part of the solution; but they aren’t enough anymore.
To address this, security professionals need to augment their enterprise’s legacy security system in two ways:
- with a solution that shifts the focus from conventional virus prevention to advanced malware detection, and
- with a solution that automates malware expertise on their behalf.
As a result, they’ll be able to identify previously unknown threats – including some that may have persisted on their systems for months or even years – and, at the same time, be in a strong position to address whatever adversaries send their way; because, as we all know, the cyber threat landscape is only going to get worse in the future, not better.
To learn more about Seculert’s advanced malware detection technology for supporting and strengthening your enterprise, download our free white paper, “The 6 Key Factors to Consider when Choosing a Solution to Protect Your Network”.
Plus, to boost your cyber security awareness, check out these helpful tips. We’re posting one tip per day in support of National Cyber Security Awareness Month.