I’ve been in, around, or covering security products ranging from physical tools to cyber security tools for much of my life, and one thing remains constant. We really don’t rethink our approaches very often. We also tend to keep doing really stupid things even when we know they aren’t working and might be making things worse. For instance, giving security guards guns, knowing there is no budget to train them and that you don’t exactly get top-level employees at minimum wage (one of my guys killed a transformer while playing with his gun in the bathroom). We’ve known for some time that we can’t keep up with malware, that perimeter defenses are inadequate, and that we won’t staff the manpower needed to track down the alerts our SIEM products report, particularly on the client.
Some tools, like Varonis, specifically monitor the data and access rights to operate effectively within the perimeter, but the use of this tool is more the exception than the rule. I doubt most even know what their most valuable data is, let alone where it resides and whether those who access it are truly authorized to do so. On the client, it is even uglier because most clients are not only regularly attacked with the emergence of BYOD (Bring Your Own Device), but we often can’t even be sure these devices didn’t come into the environment already infected.
Addressing the client exposure often seems to be an exercise in futility, as anti-virus products are inadequate and often, when they are in place, the users turn them off. Something different is really needed. I just ran into an interesting company out of Israel (it is amazing how well that country just seems to get security). Morphisec, rather than trying to identify and remove viruses, alters the apps so the virus can’t work on them. It is the first product I’ve seen that effectively is a universal immunization remedy.
Immunizing the Endpoint
As I was being briefed on this solution, the comparison to a universal immunization process for humans, something that doesn’t exist, came to mind. Often, a disease or virus is either created or evolves to work only on one type of creature and, even then, it doesn’t attack the entire body but what it was designed or evolved into attacking. But if you could take a pill or get a shot that scrambled the unique aspects of whatever the disease or virus targeted, it wouldn’t see the target and wouldn’t infect you. You’d be disease-free until something figured out the new way your body was coded and then attacked that, but if you constantly changed those key aspects of your body, effectively, you’d likely live a disease-free life.
This is what Morphisec figured out how to do. Its tool looks at an app and, as it loads, changes the key aspects of it that might provide a door into infecting either it or your PC. Executable names, memory locations and key interfaces get renamed, but the system knows the new names, so it continues to run. And because, once renamed and re-indexed, there is no lasting performance impact, you end up with a PC or smartphone that is immune. Every time the app is loaded, these unique aspects of the app are randomized, so that even if an attacker figured out the new naming convention, it would do them no good because the next time the app loads those critical aspects of it would be changed.
In addition, the tool remains resident and if something tries to use the old names to breach the endpoint, the app captures the attempt and can then deliver the related report to the firm’s SIEM product and/or security team for remediation if needed.
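The two ideas in the preceding paragraphs, per-load randomization of an app's internal interfaces plus a trap on the old names that reports to the SIEM, can be modelled in a few dozen lines. The following is an added, constructed Python illustration of the moving-target concept, not Morphisec's code and not how its product is implemented: the interface names, the `MorphedApp` class, the `stale_caller` label and the alert format are all placeholders invented for this example. Legitimate code resolves the current names through the mapping handed out at load time; anything that calls an original name, or a randomized name learned during an earlier load, no longer resolves and instead produces a report record.

```python
import json
import random
from typing import Callable, Dict, List, Optional

# Constructed example: the implementations behind an app's internal
# interfaces. Names and behaviour are placeholders, not any vendor's API.
def _open_file(arg: str) -> str:
    return f"opened:{arg}"

def _write_memory(arg: str) -> str:
    return f"wrote:{arg}"

def _exec_buffer(arg: str) -> str:
    return f"executed:{arg}"

ORIGINAL_INTERFACES: Dict[str, Callable[[str], str]] = {
    "OpenFile": _open_file,
    "WriteMemory": _write_memory,
    "ExecBuffer": _exec_buffer,
}


class MorphedApp:
    """One running instance of the app. Every load() re-randomizes the names
    under which the interfaces are reachable; any other name is a trap."""

    def __init__(self, interfaces: Dict[str, Callable[[str], str]],
                 rng: Optional[random.Random] = None) -> None:
        # SystemRandom in real use; a seeded Random is accepted for reproducible tests.
        self._rng = rng or random.SystemRandom()
        self._impl = dict(interfaces)
        self._live: Dict[str, Callable[[str], str]] = {}
        self.mapping: Dict[str, str] = {}     # original name -> current name
        self.alerts: List[dict] = []          # trap hits, queued for the SIEM
        self.load()

    def load(self) -> None:
        """Simulate (re)launching the app: fresh names, old ones invalidated."""
        self._live.clear()
        self.mapping.clear()
        for original, impl in self._impl.items():
            new_name = f"{original}_{self._rng.getrandbits(64):016x}"
            self.mapping[original] = new_name
            self._live[new_name] = impl

    def call(self, name: str, arg: str, caller: str) -> Optional[str]:
        """Dispatch by name. Only the current randomized names resolve; the
        original names and any name from an earlier load hit the trap."""
        impl = self._live.get(name)
        if impl is not None:
            return impl(arg)
        self.alerts.append({"event": "stale_interface_call", "interface": name,
                            "caller": caller, "argument": arg})
        return None

    def siem_report(self) -> List[str]:
        """Trap hits as JSON lines, the shape a SIEM forwarder would ingest."""
        return [json.dumps(a, sort_keys=True) for a in self.alerts]


def legit_client(app: MorphedApp, path: str) -> Optional[str]:
    """Well-behaved code resolves the current name through the load-time mapping."""
    return app.call(app.mapping["OpenFile"], path, caller="word_processor")


def demo() -> dict:
    rng = random.Random(7)  # seeded only so the walk-through is reproducible
    app = MorphedApp(ORIGINAL_INTERFACES, rng)

    first_load_ok = legit_client(app, "report.docx")        # works on load 1
    names_seen_on_first_load = dict(app.mapping)            # what an observer could learn
    hardcoded = app.call("ExecBuffer", "payload", caller="stale_caller")  # original name: trapped

    app.load()                                              # user relaunches the app
    second_load_ok = legit_client(app, "report.docx")       # legitimate code still works
    replayed = app.call(names_seen_on_first_load["ExecBuffer"], "payload",
                        caller="stale_caller")              # learned name: trapped

    return {
        "first_load_ok": first_load_ok,
        "second_load_ok": second_load_ok,
        "hardcoded_blocked": hardcoded is None,
        "replay_blocked": replayed is None,
        "names_changed": names_seen_on_first_load != app.mapping,
        "alerts": app.siem_report(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the toy is the asymmetry the column describes: the application itself is unaffected because it is handed the new mapping at load, while anything relying on knowledge gathered before the load fails and, in failing, produces a record the security team can act on.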
Wrapping Up: Thinking Outside the Box About Security
We are badly outmatched in terms of the level, quality and sheer number of attacks our firms get every day, many of which are successful. We need a different class of tool than what we’ve traditionally used because what we have been using is increasingly inadequate. Whether it is tools like Varonis, which can work inside the perimeter to discover both external and internal threats, or tools like Morphisec, which can immunize entire classes of machines, the need to come up with ever more creative solutions will be critical to assuring we can effectively defend our companies in the present and in the future.
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+