Hackers continue to show endless ingenuity in penetrating corporate networks. In fact, some recent malware attacks made headlines by crippling corporations, robbing shareholders, and damaging the credit of thousands of consumers. These attacks make it clear that cybercriminals continue to evolve, creating threats that can bypass the security defenses of many organizations. Some advanced malware can even sense threat defenses and mutate like a biological virus.
Determined hackers, coupled with the expanding adoption of cloud applications and the explosion of mobile workforce devices means that enterprises must find new ways to protect themselves from increasingly sophisticated, malicious attacks. It’s a daunting challenge; where can organizations find a solution to combat threats defined by devices, applications, and users everywhere? The answer can’t be found by looking to the stars. However, if you cast your line of sight toward the clouds, you’ll have a clue as to where you should look for a more innovative enterprise security solution.
The Issue: Evolving Nature of Threats
As network security advances, so does malware. It is more aware and adaptive than ever, looking for new delivery channels and mutating to evade behavior detection. A few examples include:
Virtual machine awareness—An increasing number of attackers are creating malware that can detect when it’s operating in a virtual sandbox environment and can execute techniques to disguise itself.
Polymorphic files and URLs—Malware files can morph and mutate like an infectious virus to escape signature-based detection. Using automated systems, hackers continually change the look of their files and flood these files toward your defenses, hoping one of them will penetrate and begin to operate. Attackers can do similar things with URLs by using domain-generating algorithms (DGAs) to mathematically compute new domains, making it difficult for techniques such as blacklisting to keep pace.
Multistage, multivector attacks—Sophisticated cybercriminals stage multiphase attacks to get through corporate defenses. Hackers select web-based, email, and file-based intrusions, coordinating them to achieve desired results.
Encrypted communication—Because most network security systems are unable to scan encrypted data to detect malware, hackers find it effective to use SSL to build communication tunnels between embedded malware and remote command and control (C&C) servers.
Misleading file types—Malware may masquerade as harmless files. For example, some malware files may pretend to be JPEGs but actually have executable files inside of them. Another malware file can later change itself into an executable (.exe) to unleash the malware inside your network.
User interaction triggers—Malware may pretend to be legitimate, displaying a friendly or familiar looking dialog box that asks users to install some software. When the user allows the installation, the malware goes into operation.
Unique and targeted malware—Some malware can be incorporated into a targeted “spearfishing” attack. If it’s aimed at you, it will trick you into opening a file by using information specific to you. Once opened, the hackers go after the specific assets they’re looking for.
Enter: the Cloud (or Cloud-Delivered Security)
Threat defense needs to be reimagined to address not only the sophisticated nature of the threats just described, but also to ensure it aligns with the realities of how organizations are accessing the web and corporate applications. If your workforce is increasingly distributed, with laptops and mobile devices going directly to the internet to access to SaaS applications, cloud-delivered security and threat protection needs to be on your radar. Cloud-delivered security can be easily provisioned to tackle the security and threat protection needs of all of your web traffic. And the benefit of a subscription-based service is that it can easily scaled up or down to meet changing needs. In addition to ease of deployment, you need to make sure it can deliver the top-notch threat prevention you require. A deeper look at Symantec cloud-delivered security service will help you understand why customers consider our solution to be truly enterprise-class.
The Solution: Symantec Cloud-Delivered Security, Malware Analysis Services
Symantec Research and Development organization has been busy working to ensure we have strong capabilities to address evolving new attack techniques. We developed a multitiered system that includes advanced analysis techniques to identify and neutralize malware designed to evade detection technology. These techniques block known threats, analyze anything new and unknown, and combat evolved attacks. The entire system is designed to make sure that you get enterprise-class protection while ensuring that false-positives remain extremely low (so precious security and incident response personnel are not wasting time chasing false alarms).
Web Security Service Leverages the Symantec Global Intelligence Network
Symantec cloud-delivered Web Security Service (WSS) is fed by our global intelligence network (GIN), the world’s premier civilian cyber defense threat intelligence service. The GIN gives your enterprise the ability to filter URLs into granular categories with defined risk scores. The network uses threat information and telemetry data from 15,000 enterprises and 175 million consumer and enterprise endpoints to categorize and analyze threats posed by more than a billion previously unseen and uncategorized websites each day and more than two billion daily emails sent/received by our customers. Symantec’s unique expertise and analytics uses this information to define the “known bad” files and locations your organization should avoid. Web and file access control policies set in the Symantec WSS ensure that the “known bads” stop at your doorstep and don’t harm your company. The Symantec WSS also leverages content analysis capabilities that perform further analysis on risky files using dual malware engines, as well as comparisons against blacklist/whitelist files.
Symantec Malware Analysis Service
Because it’s extremely difficult for malware authors to evade both virtual and emulative environments, the Symantec Malware Analysis Service works with Symantec WSS to add behavior analysis and sandboxing capabilities for advanced threat detection and prevention. The service uses a powerful combination of emulation and virtualization to identify malicious code. Virtualization takes place in a virtual machine that is a fully licensed version of Windows in which the user can install any application (Office, Adobe, Quicken, or custom applications). We call it Intelligent VM (iVM). The emulative sandbox environment is not Windows software; it’s a fully recreated computing environment based on a Windows-like API. In this completely controlled artificial space, users can make the malware think it’s interacting with a real computer.
The Cloud Makes it Easy—Give it a Try
The Symantec WSS, along with the integrated Symantec Malware Analysis Service, is designed to give you the protection you need to deal with the rapidly evolving advanced threats that are attacking your network each and every day. Contact us to learn how to use our subscription service can help your enterprise protect your corporate assets. Use Symantec to help you enable your enterprise by reliably passing the “known good” and protect your enterprise by reliably blocking the “known bad” and accurately analyzing the “unknown.”
Learn more at go.symantec.com/cloudsecurity