Photo - Kong Kum Yern (KY), Security Architect - Malaysia, Thailand and Hong Kong, Sourcefire.
Most Malaysian organisations need to expand their focus beyond just endpoint protection to cope with today's security environment, according to cyber security provider Sourcefire.
"Organisations in the Malaysian business sector seem to focus only on the endpoint protection aspect. Traditional security policies and devices need to be reconsidered, as attackers are becoming more innovative and are already very much like organised crime gangs," said Sourcefire Malaysia's country manager Ivan Wen.
"We need to see updated security measures," said Wen, citing a recent Verizon Data Breach Investigations study. "[The report] included the finding that 69 percent of security breaches were spotted by an external party, including customers, instead of by the organisation themselves."
"In addition, most attacks were external with 92 percent stemming from external agents," he said. "During 2012, hacking and malware were the top threats; however, 66 percent of organisations did not identify breaches for months after the actual compromise."
Sourcefire security architect, Malaysia, Thailand & Hong Kong, Kong Kum Yern (KY) said Malaysia's MyCERT [under the purview of CyberSecurity Malaysia] recorded 9,986 cases during 2012 and that organisations needed to be given more detailed visibility into malware attack activities.
Continuous visibility via AMP
Kong said the new improvements move beyond point-in-time detection to confirm an intrusion. "The new enhancements - the trajectory capabilities - provide business organisations with a unique continuous capability for their malware blocking needs and track the process before, during and after an incident."
"The Advanced Malware Protection [AMP] capability works on network and endpoint layers using big data analytics to drive continuous analysis," he said. "Such real time handling of viruses is essential to properly assess and control damage while point-in-time capabilities are not so effective these days."
"The 'Network File and Device Trajectory' capabilities can trace the path of intrusion, analyse the behaviour of the malware, remediate its targets and report on its impact regardless of when a file is determined to be malware," said Kong.
He added that in Malaysia, the Trajectory capabilities are available as part of Sourcefire's AMP for FirePOWER software licence, and can be added to a Next-Generation Intrusion Prevention System (NGIPS) or Next-Generation Firewall (NGFW), or run as a dedicated appliance, all of which provide AMP for networks. As for the Device Trajectory, it is available as part of the FireAMP host-based protection available for endpoints and virtual networks.
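The retrospective behaviour Kong describes, a verdict applied "regardless of when a file is determined to be malware", can be illustrated with a small file-trajectory store. This is an added example written for this article, not Sourcefire's code; the `FileTrajectory` class, host names, paths and timestamps are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Sighting:
    ts: datetime  # when the file was seen
    host: str     # host that received or ran it
    path: str     # where it landed on that host
    source: str   # what delivered it (gateway, or the previous host)

class FileTrajectory:
    """Hypothetical continuous-analysis store: every sighting of a file is kept,
    keyed by SHA-256, so a verdict that arrives later can be applied to every
    host that already saw the file (the retrospective step)."""

    def __init__(self):
        self.sightings = {}  # sha256 -> [Sighting, ...]
        self.verdicts = {}   # sha256 -> "clean" | "malicious"

    def record(self, sha256, sighting):
        """Point-in-time check: returns the verdict known at the moment of sighting."""
        self.sightings.setdefault(sha256, []).append(sighting)
        return self.verdicts.get(sha256, "unknown")

    def update_verdict(self, sha256, verdict):
        """A new 'malicious' verdict returns the whole trajectory, oldest first,
        so hosts that saw the file while it was still 'unknown' can be remediated."""
        previous = self.verdicts.get(sha256)
        self.verdicts[sha256] = verdict
        if verdict == "malicious" and previous != "malicious":
            return sorted(self.sightings.get(sha256, []), key=lambda s: s.ts)
        return []  # nothing new to act on

def demo():
    """Constructed sample: one file reaches three hosts before the sandbox verdict lands."""
    t0 = datetime(2013, 6, 3, 9, 0)
    sha = "sha256:constructed-placeholder"
    store = FileTrajectory()
    events = [
        Sighting(t0, "ws-017", "C:/Users/a/Downloads/invoice.exe", "email-gateway"),
        Sighting(t0 + timedelta(minutes=12), "ws-042", "C:/tmp/invoice.exe", "ws-017"),
        Sighting(t0 + timedelta(hours=3), "fs-01", "D:/share/invoice.exe", "ws-042"),
    ]
    at_the_time = [store.record(sha, e) for e in events]  # all "unknown" then
    alerted = store.update_verdict(sha, "malicious")       # verdict hours later
    return at_the_time, [s.host for s in alerted], alerted[0].host if alerted else None
```

The point-in-time checks all pass the file as "unknown"; only the later verdict, replayed over the stored sightings, reveals the three affected hosts and the first one to receive the file.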
Sourcefire's Wen added that while organisations of all sizes, in both the public and commercial sectors, need to consider the use of enhancements such as continuous analysis, more education was needed to move beyond traditional security approaches.