How Feds Fight the Latest Crop of Malware
New IT security threats such as zero-day exploits call for updated tools and approaches, says Howard Whyte, senior agency information security official at NASA.
Sandboxing tools used at one space center have captured and blocked malware that anti-virus software couldn't find. “The sandboxes have also reduced manual tasks because the forensics piece was typically very manually intensive,” Whyte says.
Whyte says new security tools enable his agency to take action and share information as a means of defense. “We’re now much more proactive,” he says. “We can also share what we learn across federal agencies and with the Department of Homeland Security. We understand if it happens to us one day, it will happen next week somewhere else.”
The number of hits related to a recent zero-day exploit in Adobe Flash used in malvertisement attacks
SOURCE: TrendLabs Security Intelligence Blog, “Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements,” February 2, 2015
While the latest tools help defend against malware, Whyte stresses that they are not a silver bullet. “It still takes a comprehensive approach that includes network and application tools, data loss prevention and analytics,” he adds. “We also need to evaluate these threats from a business perspective, asking ourselves what’s the risk, who’s using the data and how we can put controls in place to defend the network.”
Frank Dickson, a research director for Frost & Sullivan who covers network security, says NASA wisely came to the conclusion that it needed more protection than anti-virus software alone could provide.
“There’s a lot of talk now about organizations not needing anti-virus software,” Dickson says. “That’s not really the case. What IT staffs need are tools that complement and extend anti-virus. What’s different is that many of these new tools have been developed to detect and block the latest advanced persistent threats and zero-day exploits.”
David Shive, acting CIO for the General Services Administration, says that as society becomes increasingly dependent on networks, security risks have increased. By building security into its systems from the beginning, rather than overlaying it as an afterthought, GSA remains committed to mitigating the risks and optimizing IT security.
Shive says GSA’s Office of the Chief Information Security Officer acts as a consultant and partner throughout a technology project’s lifecycle, rather than as a compliance step toward the end of the project.
“Through this approach, we will increase the overall cybersecurity posture of our information systems, while designing them to be flexible in meeting future challenges,” Shive adds.