You don’t need to be a security expert to know that malware is a problem. Anyone with an internet connection or a TV can see that security threats and breaches are constantly in the news.
But security analysts know that organizations need to worry about more than just sophisticated attacks; simple (yet extremely effective) malware campaigns, such as ransomware, are leading to complex security issues like never before. With nearly 500 million unique samples of malware appearing every year, trying to individually detect every single variant is not an effective defense strategy.
Zero-Day Exploits: A Serious, Rare Threat
Security professionals spend a good deal of time worrying about zero-day exploits — brand new attacks that no one has ever seen before. While it only takes one zero-day to really ruin your day, the rate of malware infection via unknown threats is relatively low.
In fact, Gartner estimated that 90 percent of exploits occur on vulnerabilities for which a patch has been available. The Verizon’s “2016 Data Breach Investigations Report” noted that newly exploited CVEs are “mostly and consistently older than one year.”
With such a high success rate, attackers are much more likely to focus their efforts on publicly available exploit information since it is more cost-effective and less time consuming than discovering a new zero-day exploit.
Going Through a Rough Patch
So how do you prevent malware infections? The easy answer is to simply apply the available patch, right?
Well, anyone who has ever implemented a vulnerability management program knows that real life is not that simple. Patch rates of 100 percent are exceedingly rare for a number of reasons: For instance, critical systems that can’t be brought down for maintenance on a moment’s notice can delay patching. With bring-your-own-device (BYOD) programs, it is often hard to even identify what devices need to be patched in the first place.
Of course, this presumes a patch is even available. Of the more than 9,000 vulnerabilities disclosed in 2015 and tracked by IBM X-Force, more than 22 percent did not have a patch available. For this reason, it’s imperative to deploy compensating controls to protect unpatched systems — which is a key part of an effective vulnerability management program.
IPS: A Simple Solution to Complex Security Issues
One such compensating control is a vulnerability-aware intrusion prevention system (IPS). While IPS is a mature technology that has been in the market for nearly 20 years, it has stood the test of time for one simple reason: When properly deployed, it can be an extremely effective countermeasure against even the most sophisticated attacks.
Even more, a next-generation IPS not only protects against known threats, but those that are unknown as well. IBM’s Protocol Analysis Model (PAM), for example, is unique in that in protects against entire classes of vulnerabilities and not just specific, known exploits.
To learn more about preventing simple threats to solve complex security issues, watch the on-demand IBM webinar, “Back to Basics: How Decades-Old Technology Can Fight Today’s Most Advanced Cyberthreats,” featuring Gartner research director Craig Lawson.