– Tal Klein, senior director of products at Bromium, says:
IT managers find themselves in a complex quandary, driven by the fact that today’s users are mobile and technology-literate: IT must support the demands of an environment that meshes personal and work activities. Organizations must also practice constant vigilance to protect enterprise data and infrastructure. Empowerment brings with it risk, such as targeted malware developed by attackers who rely on data available on social networking sites to compromise employees easily reachable through the Web and/or email.
Since traditional enterprise security technologies rely on signature-based detection of malware and threats, IT managers are noticing today’s endpoint management and protection practices are out of step with users and sophisticated attackers. Looking to better secure the enterprise from targeted attacks, 2013 will see a shift – the “Signature Era” will end, leaving 2013 to be the year when detection as a mechanism for protection shifts from commodity to extinction.
Typically, companies determine which security technology is best by running various tests that measure how good each solution is at detecting malware, which is essentially a signature arms race. As next-generation information and infrastructure attacks become polymorphic and undetectable, it is clear this methodology is expired. Advanced persistent threats have multiple payloads, targeting a number of vulnerabilities and engaging whitelisted vectors that prey on organizational structures and social relationships.
To keep up with new attacks, detection-based tools turn up their sensitivities, thus increasing the rate of false positives. This has happened when more than one vendor misidentified and quarantined essential applications – in some cases their own agents – as malware. The end of the signature era will pivot the utility of detection from protection to forensics. The enemy’s new weapons require a new class of tools that do not rely on detection in order to protect.