Early this month (October 2013), cyber security firm McAfee introduced an end-to-end solution which the company said was aimed at helping organisations combat the increasing challenges of advanced malware.
The new McAfee Advanced Threat Defense follows a so-called Find, Freeze and Fix process: beyond identifying threats (find), it freezes them using McAfee network products (freeze) and can initiate remediation through McAfee Real Time Advanced for ePO (ePolicy Orchestrator) (fix).
We speak to Michael Sentonas, Vice President, Chief Technology Officer, Asia Pacific, at McAfee, to learn how organisations could strengthen their defence against cyber attacks and what other factors to consider in their fight against intrusion.
Photo: Michael Sentonas
Sentonas is responsible for driving the integrated McAfee security architectures and platforms across the Asia Pacific region. An active public speaker on security issues, Sentonas has shared his extensive experience and given regular insights through conferences, websites and trade publications.
Q: Given that advanced malware detection is only part of the overall solution an enterprise should have to remain protected, what else could one do to fully extend that protection to cover not just detection but containment, elimination and "immunisation"?
Michael Sentonas: The past 12 months have seen a significant change in the complexity and sophistication of advanced malware threats affecting business and government operations around the world. The types of targeted, sophisticated and stealthy threats that are seen today are often coded to evade detection, and so can reside on a system for prolonged periods, resulting in significant intellectual property loss. It's this type of threat that security administrators need to be actively looking out for, and they need the tools that can identify, in real time, the indicators of a compromised system.
The industry's typical "sandboxing" approach to date provides another layer of detection against these more advanced strains of malware. This works by executing a suspected malware sample in a virtual environment, or sandbox, to analyse its behaviour and determine whether it is malicious and what its potential impact on an endpoint or network would be.
Enterprises need to move well beyond detection and implement a security solution that goes beyond detecting incidents to actually being able to stop the malware and any intended damage to the network -- to find, freeze and fix the malware and stop the attack or intrusion.
An enterprise advanced malware solution must have the ability to detect the issue but then integrate with the existing infrastructure to quarantine the attack, for example working with gateway security solutions like firewalls, web gateways and intrusion prevention solutions to stop the attack. It is then critical to leverage integration with endpoint security and management solutions to remediate impacted solutions and ensure the issue does not resurface within the environment.