The Best Security Defense Requires Intelligence

Michael Vizard

Any general will tell you that when it comes to fighting a war, it is almost always better to fight the battle on the enemy's territory. The alternative scenario usually winds up causing a lot of collateral damage that tends to demoralize the populace over time.

Unfortunately, when it comes to IT security, too many organizations seem content with waiting to be attacked. That means they wind up investing a lot of time and energy defending their borders. It would be a whole lot more cost-effective to mitigate those threats long before they ever got anywhere near the company perimeter.

That's the thinking driving a lot of the interest in cloud security services. Case in point is a new service being launched today by Blue Coat Systems. The Blue Coat Cloud Service works by leveraging the technology that Blue Coat created for WebPulse, a subscription-based service that updates Blue Coat security products every time a significant threat appears on the security landscape. The new service extends that concept out to companies that want to leverage WebPulse technology for cloud computing environments in order to constantly monitor websites that generate malware and the networks used to distribute it.

Anthony James, Blue Coat vice president of product management and product marketing for cloud services, says effectively monitoring the distribution networks is actually more important than monitoring the sources of malware, because the servers that generate malware will change location a lot, while the network of compromised systems used to distribute malware is not an asset that digital criminals can easily redeploy. In many cases, Blue Coat will discover new forms of malware that are being tested on those networks long before an actual attack is widely launched, he says.

What all this amounts to is a spy versus spy game being played out in the darker corners of the Internet. Much like a government intelligence service, the spy craft is invisible to the average citizen. Yet without it, most IT organizations would be left to defend themselves against threats emanating from people with huge amounts of expertise and comparatively unlimited resources. And with the rise of cloud computing, it's also apparent that more potentially valuable data is being concentrated in fewer data centers than ever, which from a security perspective paints a big red target on these locations.

As attacks increase in volume and intensity, it's pretty clear at this point that IT organizations need a reactive approach to security at the edge of the network coupled with a proactive approach that resolves issues long before they ever get anywhere near an internal system or application. In other words, they need access to actionable intelligence reports that identify and help mitigate threats long before they ever get near their actual target.
