While advanced persistent threats (APTs) are still a small share of the attacks that IT organizations deal with, their very existence is fundamentally changing the way organizations need to approach security.
Unlike cruder brute-force attacks, APTs are subtle. They can insert themselves into a system and remain dormant for months. Once they become active, they are usually programmed to go after specific targets, which usually turn out to be the most valuable intellectual property an organization possesses.
To help organizations deal specifically with this type of threat, Zscaler has extended its cloud security service to include the ability to continuously scan for APTs. According to Michael Sutton, vice president of security research for Zscaler, the Zscaler cloud uses behavior analysis to identify APTs that do not yet have a signature that more traditional approaches to IT security could match.
The system accomplishes this with virtual appliances that forward all the data that needs to be analyzed to the Zscaler cloud, which is essentially a Big Data analytics application designed to analyze potential security threats.
Sutton says Zscaler goes one important step further than other approaches to combating APTs. Instead of just identifying the potential threat, the Zscaler cloud service will also remediate it. That significantly reduces the amount of time any APT has to inflict damage on the organization.
In an age when the source of a particular APT can be one of the most sophisticated practitioners of digital espionage in the world, IT organizations clearly need to rethink their IT security strategies. The challenge, of course, is that the vast majority don’t have the internal IT resources needed to combat such threats.
As part of an expanding number of cloud services focused on security, Zscaler is at the forefront of a major shift in the way IT security is deployed and managed. That doesn’t mean anti-malware software at the endpoint and firewalls at the edge of the network are going away anytime soon; it just means that when it comes to dealing with modern malware, they are clearly no longer enough.