Cyber risk is at an all-time high, and features among the top issues in many organizations and businesses in a world where cloud computing, social media, big data and the Internet of Things (IoT), among other IT developments, are taking root. It is a serious issue and ranks 5th according to the Aon Global Risk Management Survey. Businesses are aware of this concern, which is why the cyber insurance market continues to expand.
Earlier today, Aon Kenya, one of the top insurance companies, launched Cyber Enterprise Solutions to help businesses thwart cyber-attack incidents that are potentially catastrophic in terms of data loss and corporate espionage, to mention a few.
“Data is an organization’s most valuable asset but it’s also its most vulnerable asset. However, as businesses and companies grow, so does their exposure to cyber risk. This simply means that as the value of a business grows, it raises its profile among hackers,” said Aon Kenya Chief Executive Officer Sammy Muthui.
According to Allan Lwala, a cyber security consultant, and Dr. Bright G. Mawudor, who presented informative talks during the event, cyber-attacks have evolved to bypass traditional defenses, as clever malware can penetrate firewalls, IPS, anti-spam gateways or antivirus software. This is a headache for businesses, and some of them have failed to contain such attacks due to a lack of visibility or limited experience/intelligence, as well as rising cyber management costs. In the same line of thought, it has been determined that some businesses overspend on security tools, which, ironically, offer a conduit for intruders to infiltrate systems.
To put this into perspective, up to 63 percent of companies that have been compromised before were informed of the breach by third parties such as security consultants or clients. Surprisingly, 100 percent of victims have up-to-date signatures that unfortunately cannot detect new malware or attacks, as they compare threats against what they already have. By extension, this concern is heightened by a new threat landscape that incorporates coordinated persistent threat actors and multi-vector, multi-staged attacks with polymorphic malware.
Indeed, this may sound like a lost cause, but when you look at it keenly, most of these cases can be tackled when everyone understands his or her role and manages it competently. For this case, Aon has a solution called FireEye, which does not rely on known signatures to counter cyber-attacks.
As mentioned, FireEye is not signature-based. It is embedded in a business’s network and dupes an intruder into believing that their intended attack is successful. To put it differently, FireEye mirrors a network within a box inside your traffic, and the malware works as it is programmed to. Meanwhile, FireEye outputs forensics about the attack to whoever is in charge of cybersecurity management. Such forensics include its point of origin, and FireEye can communicate with the channel being used by the attacker, be it Tor or some fancy deep web tool(s). Also, FireEye is capable of pinpointing any changes made by the intruder. The working principle behind it is that FireEye analyses incoming traffic using a technology called the multi-vector execution engine to ascertain its purpose, which could be an exploit, port scans or data infiltration in your network, and so forth. Moreover, it correlates attacks within the virtual machine to determine what the malware could do were it delivered through another system. By doing so, FireEye sweeps the network to see if the same vulnerability has been used before or is active, and patches it.
It is also important to note that FireEye updates traditional defenses based on its intelligent operations. Since it collects information about attacks using more than 8 million sensors across the globe, it updates Aon’s FireEye Dynamic Threat Intelligence (DTI) Cloud. Detection happens in real time: malware is blocked, but runs inside the virtual machine as explained above. Then, it gives forensics in 10 minutes or so. To crown it all, no one has been able to bypass FireEye since it was launched in 2004, and it is the tool that detected the famous WannaCry malware that hit millions of PCs across the world.
Identifying effective threat intelligence is an uphill task, and businesses must learn to understand the effectiveness of prompt and feasible security tools and how to manage them for a timely response.