Security

How Feds Fight the Latest Crop of Malware

Agencies couple new tools with planning and risk assessment.

Google+ Twitter

Steve Zurier is a freelance technology writer based in Columbia, Md.

New IT security threats such as zero-day exploits call for updated tools and approaches, says Howard Whyte, senior agency information security official at NASA.

Sandboxing tools used at one space center have captured and blocked malware that anti-virus software couldn't find. “The sandboxes have also reduced manual tasks because the forensics piece was typically very manually intensive,” Whyte says.

Whyte says new security tools enable his agency to take action and share information as a means of defense. “We’re now much more proactive,” he says. “We can also share what we learn across federal agencies and with the Department of Homeland Security. We understand if it happens to us one day, it will happen next week somewhere else.”

3,294

The number of hits related to a recent zero-day exploit in Adobe Flash used in malvertisement attacks

SOURCE: TrendLabs Security Intelligence Blog, “Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements,” February 2, 2015

While the latest tools help defend against malware, Whyte stresses that they are not a silver bullet. “It still takes a comprehensive approach that includes network and application tools, data loss prevention and analytics,” he adds. “We also need to evaluate these threats from a business perspective, asking ourselves what’s the risk, who’s using the data and how we can put controls in place to defend the network.”

Frank Dickson, a research director for Frost & Sullivan who covers network security, says NASA wisely came to the conclusion that it needed more protection than anti-virus software alone could provide.

“There’s a lot of talk now about organizations not needing anti-virus software,” Dickson says. “That’s not really the case. What IT staffs need are tools that complement and extend anti-virus. What’s different is that many of these new tools have been developed to detect and block the latest advanced persistent threats and zero-day exploits.”

Built-In Security

David Shive, acting CIO for the General Services Administration, says as society becomes increasingly dependent on networks, security risks have increased. By building security into its systems from the beginning, rather than overlaying them as an afterthought, GSA remains committed to mitigating the risks and optimizing IT security.

Shive says GSA’s Office of the Chief Information Security Officer acts as a consultant and partner throughout a technology project’s lifecycle, rather than as a compliance step toward the end of the project.

“Through this approach, we will increase the overall cybersecurity posture of our information systems, while designing them to be flexible in meeting future challenges,” Shive adds.

Key Product Considerations

Frank Dickson, a research director for Frost & Sullivan who covers network security, offers three questions IT managers should ask when selecting sandboxing and endpoint security tools to supplement anti-virus software.

1. Which devices do the tools support? Not all sandboxes or endpoint tools support every operating system. Ask the manufacturer which OSs it supports and make sure that support corresponds to what’s used on the network.

2. Which file types do the tools support? Possibilities include basic Microsoft Office apps, along with other types of executables, compressed files and Java files. Every network is unique.

3. How well do the tools respond to anti-evasion techniques? Hackers are clever and cunning. Hundreds of techniques have been developed to evade sandboxes. For example, some malware will check to see if the tools are running in a virtual environment, which would allow it to spread throughout systems.

weerapatkiatdumrong/ThinkStock