1st November 2013
TECHNICAL INSIGHTS
TECHNOLOGY ALERT
Network Security Technology Alert
© 2013 Frost & Sullivan
1. VIRTUAL ENVIRONMENT FOR SCREENING MOBILE MALWARE ATTACKS
2. CLOUD-BASED GROUND UP APPROACH TO PROTECT ENDPOINT DEVICES
3. EFFECTIVE SECURITY FOR DATA AND DOCUMENTS
4. INTERNAL SECURITY SOLUTION FOR NETWORK PROVIDERS
5. CLOUD-BASED EFFECTIVE BUG BOUNTY PROCESS SYSTEM
6. MULTIFACTOR AUTHENTICATION SYSTEM FOR MOBILE DEVICES
7. INTELLIGENT SYSTEM TO ANALYZE ZERO-DAY ATTACKS
8. NETWORK-BASED APPROACH ENHANCING CONTROL FOR BYOD STRATEGIES
1. VIRTUAL ENVIRONMENT FOR SCREENING MOBILE MALWARE ATTACKS
Advanced threats from malware attacks have moved beyond the Web, e-mail, and file transfers to mobile devices, driven by the rapid proliferation of smartphones. However, traditional malware signature techniques are not adequately efficient for protecting these mobile devices. Apart from protecting corporate mobile devices, there is also a strong need to protect personal devices used at the workplace. Advanced mobile malware applications can easily steal valuable information from users' smartphones by penetrating their security software, manipulating system code through advanced programming techniques. The virus and malware scanners available in the market for mobile devices can only detect known threats, and fail to detect and understand the behavior of new zero-day attacks. This has generated the need for a solution that can analyze the behavior of mobile applications and understand how they use information, thereby helping to protect the intellectual property and network data of users.
To address this issue, a California-based security solution provider, FireEye Inc., has introduced its new FireEye® Mobile Threat Prevention™ solution for the protection of mobile devices. The latest solution from the company is developed specifically for the Android™ platform and is deployed in a cloud environment for easy sharing of threat intelligence across the users of an organization.
The underlying framework powering the FireEye Mobile Threat Prevention solution is its mobile Multi-Vector Virtual Execution (MVX) engine, which implements an innovative approach to detecting unknown threats, unlike traditional solutions based on binary signature techniques. The MVX engine runs mobile applications within a virtual Android environment to understand the behavior of each application. The solution performs dynamic analysis on the applications to evaluate various malware parameters and their impact on the mobile device. Leveraging contextual correlation, the MVX engine gives users a comprehensive view of application behavior in the virtual environment, thereby protecting users' data from all threats that could arise from code changes or evasion techniques.
In addition to its unique approach of running mobile applications safely within a virtual environment for behavioral analysis, FireEye Mobile Threat Prevention also includes an advanced live-analysis module that provides real-time threat intelligence to users. This dynamic analytics process provides second-by-second video playback for every application and reports the behavior of the applications and their actions on the mobile device. The intelligence system helps organizations and users deploy security policies according to threat ratings, and also provides the option to block applications if necessary.
As the cloud platform is the most flexible mode for easy integration of services, FireEye offers its Mobile Threat Prevention solution as a cloud service. Users can easily test their applications in the cloud and analyze their behavior through the analytical engine before installing them on their mobile devices. The solution, with its innovative approach to preventing malware attacks, its cost-effective and easy integration options through the cloud platform, and its advanced threat analytics module for real-time application screening, could prove very attractive to a wide range of customers, especially organizations that operate bring-your-own-device (BYOD) policies. This comprehensive mobile protection solution from FireEye could have a significant impact on the mobile security market within a time span of one year.
Details: Jeffrey Williams, VP Business Development, FireEye Inc., 1440 McCarthy Blvd., Milpitas, CA 95035. Phone: +1-408-321-6300. E-mail: [email protected]. URL: www.fireeye.com.
2. CLOUD-BASED GROUND UP APPROACH TO PROTECT ENDPOINT DEVICES
In a traditional solution, security appliances are usually placed on the server side, behind the corporate firewall layer. The architecture of these solutions therefore cannot extend its protection to mobile devices that connect to the corporate network from a distributed environment. This leaves a gap for security breaches through malware, phishing, and botnet attacks that steal sensitive information from corporate servers. Another notable challenge organizations face in managing mobile devices arises from the diverse locations from which users access the Internet, which slows the system down because all incoming and outgoing content has to be constantly scanned at the enterprise network.
To address these issues, California-based security solution provider Zscaler Inc. has come up with an Advanced Persistent Threats solution, which offers security over a cloud platform and extends its capability to protect any device at any location through a single solution.
The comprehensive cloud-based advanced persistent threat (APT) solution from Zscaler proactively analyzes the dynamic behavior of applications accessing the network by leveraging behavioral analysis. This real-time protection system easily tracks any malicious code accessing the corporate network, thereby enhancing the capabilities of the antivirus protection system. In addition, Zscaler APT also includes DNS (domain name system) analysis alongside its existing in-line traffic scanning technique, to detect changes in traffic patterns caused by botnet attacks. This helps reduce the impact of any botnet on the system, as the solution automatically kills botnet command execution as soon as it detects initiation. To further enhance the functionality of the security solution, Zscaler Inc. has also augmented the APT solution with its big data security analytics, producing a more comprehensive solution than before. Incorporating big data analytics into the solution gives organizations real-time global visibility of the network and enables endpoint traffic to be analyzed with more focused and accurate analysis.
One of the major benefits of Zscaler's solution is its context-aware cloud security. Zscaler screens devices with a ground-up approach that starts from user-based policies. The solution screens every device, its contents, and its applications, along with its location information. Leveraging the company's Direct-to-Cloud Network, the solution seamlessly connects to over 100 data centers serving 10 million users across the globe, which helps analyze and quickly identify threats from the large database with near-zero latency.
The global trend of accessing the corporate network from any location, brought about by the advent of smartphones, demands an effective solution that offers the same level of security as any other device used within the corporate network. Zscaler's solution, incorporating malware pre-processing, botnet analysis, traffic scanning, forensic analysis, and context-based behavioral analysis, all offered over the cloud through a single platform, could prove to be an attractive solution for the BYOD (bring your own device) market in the coming years.
Details: Clinton Karr, Sr. PR Manager, Zscaler Inc., 110 Baytech Drive, Suite 100, San Jose, CA 95134. Phone: +1-408-786-9285. E-mail: [email protected]. URL: www.zscaler.com.
3. EFFECTIVE SECURITY FOR DATA AND DOCUMENTS
Conventional security systems concentrate on securing the perimeter around data storage. Time and again, these systems have been shown to fail to protect data against advanced algorithms and hacking systems. Moreover, it is difficult to create a common data security scheme for the various types of data that need to be stored. Recent developments such as the cloud have increased data transition, resulting in poor security cover for data. Where a strong security cover is provided, the solution may suffer from a lack of flexibility, resulting in ineffective security policy implementation. This has led to the need for a solution that can effectively create a security cover for data without affecting data transition and flexibility.
A Portugal-based company, Watchful Software, has come up with a data-centric security solution called RightsWATCH. The solution effectively prevents data leaks and enables smooth implementation of data policies.
Unlike conventional solutions, the protection is applied to the data itself, enabling effective prevention of data loss and acting as a strong cover against unauthorized access. A perimeter cover acts like a fort that can fall to complex hacking; the RightsWATCH solution acts as a data cover that protects the data even if the perimeter is breached. Such a cover within the perimeter works effectively inside or outside the physical boundaries and provides security coverage for any device that accesses the data, including laptops, external storage devices, and cloud servers. Different levels of information need different levels of security. RightsWATCH is programmed using a Multilevel Security Model (MLS) that automates the level of security applied, enabling easy implementation of security policies. Data is protected by the servers for as long as the data remains valid, which makes the solution a persistent security cover.
The security can be offered to a host of applications, such as Microsoft Word, Excel, PowerPoint, Outlook, Visio, and Project. When systems interact with documents worked on by external organizations, the security cover can be extended to applications such as Microsoft SharePoint. The solution is equipped with advanced monitoring and administration consoles capable of performing security analyses on documents. If a security breach is suspected, the links to the document are severed and, after verification, restored. The solution is designed for integration with Microsoft's technology, which is used in the majority of enterprise applications.
The solution is expected to have a strong impact within three to four years. This medium-term impact is mainly due to the solution's novel method of securing the data itself rather than creating an external security perimeter around the information. The method is effective because the shortened distance between the security cover and the data makes it more difficult for hackers to get any hold on the data. The solution's capability to integrate with Microsoft's solutions is expected to increase its market space.
Details: Rui Melo Biscaia, Director, Product Engineering, Watchful Software, Parque Industrial de Taveiro, Lote 49, 3045-504 Coimbra, Portugal. Phone: +351-239-989-100. E-mail: [email protected]. URL: www.watchfulsoftware.com.
4. INTERNAL SECURITY SOLUTION FOR NETWORK PROVIDERS
Traditionally, security is associated with the prevention of external threats, such as firewall breaches, intrusions, packet filter failures, viruses, and hackers. Conventional security systems focus heavily on warding off external threats, which leaves them less equipped to deal with internal threats. Internal threats are generated by internal modules and access systems; Internet assets are affected by botnets and malware that damage systems from the inside. To address these new threats, dedicated systems designed for internal security need to be created. Apart from providing internal security, these systems are also expected to provide solutions for data leakage and for internal policy implementation.
US-based Nominum Inc. has come up with a solution called Vantio™ ThreatAvert, which is capable of forecasting threats and stopping them. Where attacks cannot be prevented, the solution reduces their impact. The solution leverages internal resources to create the internal security perimeter.
Vantio ThreatAvert leverages the Domain Name System (DNS) to curb malicious activity internally. It uses DNS to form a Global Intelligence Xchange (GIX), a real-time update registry for internal threats. DNS gives Vantio ThreatAvert a high level of scalability, enabling a complete top-to-bottom scan of the security status. The scalability also supports an always-on network that allows user mobility and faster, more reliable connectivity. Nominum's patented DNS caching technology allows Vantio ThreatAvert to handle the large query volumes that cause competing solutions to fail; spikes in query volume are absorbed by the DNS cache without hindering network performance. The solution provides strong visibility of query trends, enabling well-informed analytical decisions in handling the queries. Abnormally high query rates are displayed, enabling the system to deduce the source of the attacks and take precautionary measures.
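To make the query-rate visibility described above concrete, here is an added example (not Nominum's code) that counts queries per source in fixed time windows over a constructed resolver log and flags sources whose count stands well above the median for that window; the log format, window size and thresholds are assumptions.

```python
"""Per-source DNS query-rate anomaly detection over resolver logs.
Added illustration, not Nominum's code; the log lines below are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timezone
import statistics

# Constructed resolver log in an assumed format: "<ISO time> <client> <qtype> <qname>".
SAMPLE_LOG = """\
2013-11-01T09:00:00 10.0.0.11 A mail.example.com
2013-11-01T09:00:01 10.0.0.12 A www.example.org
2013-11-01T09:00:02 10.0.0.11 AAAA www.example.com
2013-11-01T09:00:03 10.0.0.13 A cdn.example.net
2013-11-01T09:00:04 10.0.0.12 A news.example.org
2013-11-01T09:00:05 10.0.0.66 A a1.bot-c2.example
2013-11-01T09:00:05 10.0.0.66 A a2.bot-c2.example
2013-11-01T09:00:05 10.0.0.66 A a3.bot-c2.example
2013-11-01T09:00:06 10.0.0.66 A a4.bot-c2.example
2013-11-01T09:00:06 10.0.0.66 A a5.bot-c2.example
2013-11-01T09:00:06 10.0.0.66 A a6.bot-c2.example
2013-11-01T09:00:07 10.0.0.66 A a7.bot-c2.example
2013-11-01T09:00:07 10.0.0.66 A a8.bot-c2.example
2013-11-01T09:01:00 10.0.0.13 A www.example.com
"""

WINDOW_SECONDS = 60  # assumed window size


def parse_log(text):
    """Return (epoch_seconds, client, qname) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # tolerate truncated or noisy lines rather than abort
        ts = datetime.fromisoformat(parts[0]).replace(tzinfo=timezone.utc).timestamp()
        records.append((ts, parts[1], parts[3]))
    return records


def counts_per_window(records, window=WINDOW_SECONDS):
    """Map window_start -> Counter{client: query count} for fixed-size windows."""
    per_window = defaultdict(Counter)
    for ts, client, _ in records:
        per_window[int(ts // window) * window][client] += 1
    return per_window


def find_anomalous_sources(records, window=WINDOW_SECONDS, min_queries=5, factor=3.0):
    """Flag a client in a window when its count is at least `factor` times the
    median client count for that window and also at least `min_queries`.
    The median is the baseline so that one very noisy client does not raise
    the bar for everyone else. Returns {(window_start, client): count}."""
    flagged = {}
    for start, clients in counts_per_window(records, window).items():
        baseline = statistics.median(clients.values())
        for client, n in clients.items():
            if n >= min_queries and n >= factor * baseline:
                flagged[(start, client)] = n
    return flagged


def top_names_for(records, client, limit=3):
    """Most-queried names from a flagged source, to support the analyst's follow-up."""
    return Counter(q for _, c, q in records if c == client).most_common(limit)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (start, client), n in sorted(find_anomalous_sources(recs).items()):
        print(f"window={start} client={client} queries={n} top={top_names_for(recs, client)}")
```

On the constructed log only 10.0.0.66 is flagged (8 queries against a window median of 2); lowering `factor` or `min_queries` trades fewer misses for more noise.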
The solution does not allow hackers to alter DNS records and thus prevents Internet users from being directed to malicious Web sites. The security cover of Vantio ThreatAvert does not stop at DNS protection; the solution has also been designed to provide strong protection for the mobile network. Its precision engine allows strong protective and precise policies to be implemented based on the reports from GIX. These policies not only protect the DNS server but also keep the system's malleability intact, allowing the system's protection to react strongly to threats with the help of dynamic updates.
The solution is expected to have a strong impact in a period of two to three years. This short time to impact is mainly because the solution is capable of warding off threats internally, which is novel, and also enables a strongly reactive response to external threats. The solution's security perimeter for the mobile network can evolve into a pervasive security net around network assets.
Details: David Contreras, Media Contact, Nominum Inc., Pacific Shores Center, 2000 Seaport Blvd, Suite 400, Redwood City, CA 94063. Phone: +1-650-381-6000. E-mail: [email protected]. URL: www.nominum.com.
5. CLOUD-BASED EFFECTIVE BUG BOUNTY PROCESS SYSTEM
Security testing is a crucial process that enables software developers to evaluate their Web applications, mobile applications, Web sites, and Web services. Conventional solutions use test instances but do not involve any expert opinion or bug bounty process. Bug bounty processes might involve complex modules and could prove very costly. Moreover, conventional solutions allow only a few experts to take part in the process, because increasing the number of experts increases the cost. The support infrastructure needed to assist experts in the bug bounty process could fail under overload. As a result, firms are looking for solutions that effectively address these issues and achieve cost-effective bug bounty processes.
A Sydney-based company, Bugcrowd Inc., has come up with a solution called Bugcrowd's bug bounty platform. The platform has the capability to connect researchers to the security testing process, thereby enabling a strong security system.
The cloud-based solution allows users and researchers to sign in to the platform from their own systems to perform the bug bounty processes. The solution is equipped with a crowd control system through which the entire bug bounty process is routed. The crowd control system keeps a check on the number of people involved in a single process so that overload can be avoided. The solution, which is specifically designed for coded applications, allows clients to list the sites or apps to be tested through the cloud platform. The granularity of the site allows the clients to choose the date and time at which the testing process starts and stops. The Bugcrowd platform offers complete end-to-end management of bug bounty processes, including managing the testers, collecting and validating the bugs, and managing shipment and payment to the testers.
The solution offers two types of service: ongoing bounties and ad-hoc bounties. The ongoing bounties are run for search engines, social sites, and e-commerce applications, and are charged according to the scale at which the platform runs them. The ad-hoc bounties allow clients to choose the scope and time of the process, and an ad-hoc request can be run as a completely private or a public process. The solution offers a comprehensive reporting system containing the details of every bug that has been found. Charges are levied based on the findings rather than on the run time. The solution is agnostic, enabling it to adapt to any application or device.
The solution is expected to have a strong impact in a short term of 2 to 3 years. This short term is mainly due to the fact that conventional solutions are cost-intensive and do not support small and medium enterprises. The cloud-based Bugcrowd is capable of providing infrastructure, and differentiation in scalability, for small enterprises.
Details: Sergei Belokamen, Co-Founder, Bugcrowd Inc., PO Box 1199, Sutherland, NSW 1499, Sydney, Australia. Phone: +61-2-8417-2994. E-mail: [email protected]. URL: www.bugcrowd.com.
6. MULTIFACTOR AUTHENTICATION SYSTEM FOR MOBILE DEVICES
New-age Web and mobile applications use conventional username and password authentication systems. For improved security, these systems require customers to retain different usernames and passwords for different payment portals. In spite of this, username/password authentication systems are easily compromised, leading to complex security, privacy, and identity control breaches. Online business services can also become security threats, as they allow hackers to find out passwords or glean the data needed to reset user accounts. Most username/password authentication systems include a backup system with password recovery tools, which permits intruders to obtain passwords easily. To overcome these challenges, various transaction service providers and security system providers are searching for an auxiliary system that could provide an alternative to password authentication with improved security.
A US-based company named LaunchKey has come up with a solution known as the LaunchKey authentication system. The solution is a multifactor authentication system that does not use passwords.
The key feature of the solution is the use of anonymous multifactor authentication through smartphones and tablets instead of username/password authentication. The solution is driven by launch requests, which are received and responded to on the device. An application programming interface (API) called the LaunchKey API sends encrypted authentication requests to any of the user's pre-registered mobile devices. This encrypted authentication request is called a push request, and it reaches the device via the servers in use: the faster the servers, the faster the push notification messages reach the device. The encrypted authentication could be based on voice recognition, fingerprinting, or any other biometric system. The user has to respond to the launch request by accepting or denying the push request. The main visualization console, called the Orbit, holds the complete history of authorizations, including trending authorizations, so that users have a record of the authorizations they have approved or rejected.
The Orbit represents the current status of each session with different color-coded buttons, which increases ease of use. The listed session statuses include active session, active session with pending response, session pending, and inactive transaction. The system also offers the following application factors for the user to choose from: Geofencing, Device Factor, Combination Lock, and PIN Lock.
The solution is expected to have a strong impact in a period of two to six years. This period of diffusion is mainly due to the solution's capability to include a host of authentication factors without affecting the performance of the mobile device. The solution is expected to cater to the bring-your-own-device (BYOD) concept, which is gaining in popularity. The strong, simple, and flexible solution is expected to meet the mobile security needs of different smartphones and other devices.
Details: Devin Egan, Co-Founder, LaunchKey, Bedford Farms Drive, Bedford, NH 03110. Phone: +1-916-955-1313. E-mail: [email protected]. URL: www.launchkey.com.
7. INTELLIGENT SYSTEM TO ANALYZE ZERO-DAY ATTACKS
Every day, a massive number of malware samples are discovered by security professionals in the anti-virus solution market. However, in spite of continuous updating, anti-virus software fails to identify malware threats because of the sophisticated code and advanced e-mail security penetration techniques used by today's malware programmers. By the time the anti-virus industry recognizes an attack that users have received in their e-mail, millions of networks have already been infected, before the malware is even listed by the professionals. This has generated the need for an advanced network protection solution that provides users with the information needed to protect against these zero-day attacks.
To address this issue, Pennsylvania-based security solution provider Malcovery Security has introduced its Malcovery Cyber Intelligence & Forensics (MCIF) System Architecture. The MCIF system from Malcovery includes a comprehensive threat database along with Malcovery's patented technology to analyze and protect users' sensitive data.
Malcovery offers its solutions and services over a cloud platform. The intelligent MCIF System Architecture leverages a massive threat database, which acts as the backbone of the Malcovery solution. Using the information in the database, the company applies big data analysis techniques that help users understand the pattern and behavior of threats within a network. The cloud framework, connected across diverse data sources, extracts data from various proprietary and public sources, thereby acting as a comprehensive base for the intelligence and forensic activities performed by the solution. The intelligence and forensic system uses Malcovery's patented technology and innovative methodologies to offer services to its customers and partners. Malcovery's technology analyzes millions of e-mails daily to extract and deduplicate new URLs. At the current level of accuracy, the solution detects around 65% of phishing URLs within seconds. URLs that are not automatically detected by the solution are forwarded to the operations team for human classification. Once the classification has been done manually, the system learns the pattern so that it can be matched in future analysis.
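As an added illustration of the extract, deduplicate, classify and learn cycle described above (this is not Malcovery's code; its URL pattern, host-based classification rule and threat-database stand-in are assumptions), the following pipeline collapses per-recipient URL variants, auto-classifies against known hosts, queues the remainder for human classification, and folds the analyst's verdict back in so later URLs on the same host are matched automatically:

```python
"""Phishing-URL triage: extract URLs from mail bodies, deduplicate them,
classify automatically where possible, route the rest to a human queue, and
learn from the analyst's verdict so the same pattern is matched next time.
Added illustration (not Malcovery's code); all mail text is constructed."""
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

# Constructed message bodies: one campaign with per-recipient tracking ids,
# one internal mail, and one URL on a host already known to be phishing.
SAMPLE_MAILS = [
    "Your mailbox is full. Restore it at http://Webmail-Verify.example-isp.test/restore?u=1001",
    "Your mailbox is full. Restore it at http://webmail-verify.example-isp.test/restore?u=1002",
    "Agenda for Monday: https://intranet.example.org/meetings/2013-11-04",
    "Invoice overdue: http://billing-portal.test/pay?inv=77",
]

# Constructed stand-in for a threat database of hosts already classified as phishing.
KNOWN_PHISH_HOSTS = {"billing-portal.test"}


def extract_urls(bodies):
    """Every URL found across the message bodies, in order of appearance."""
    return [u for body in bodies for u in URL_RE.findall(body)]


def canonical(url):
    """Lower-case the host and drop the query string so per-recipient variants
    of one campaign collapse into a single URL to classify."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc.lower()}{p.path}"


def deduplicate(urls):
    seen, unique = set(), []
    for u in urls:
        c = canonical(u)
        if c not in seen:
            seen.add(c)
            unique.append(c)
    return unique


class Triage:
    """Automatic first pass plus a learned host list fed by analyst verdicts."""

    def __init__(self, known_phish_hosts):
        self.phish_hosts = set(known_phish_hosts)  # threat database plus learned hosts
        self.benign_hosts = set()                   # learned from analysts only
        self.human_queue = []

    def classify(self, url):
        """Return 'phishing', 'benign' or 'queued' (forwarded for human classification)."""
        host = urlsplit(url).netloc
        if host in self.phish_hosts:
            return "phishing"
        if host in self.benign_hosts:
            return "benign"
        self.human_queue.append(url)
        return "queued"

    def record_verdict(self, url, verdict):
        """Analyst feedback: remember the host so future URLs on it are automatic."""
        host = urlsplit(url).netloc
        (self.phish_hosts if verdict == "phishing" else self.benign_hosts).add(host)
        self.human_queue = [u for u in self.human_queue if u != url]


def run_pipeline(bodies, triage):
    """Extract, deduplicate and classify; returns {canonical_url: verdict}."""
    return {u: triage.classify(u) for u in deduplicate(extract_urls(bodies))}


if __name__ == "__main__":
    t = Triage(KNOWN_PHISH_HOSTS)
    for url, verdict in run_pipeline(SAMPLE_MAILS, t).items():
        print(f"{verdict:9} {url}")
    print("awaiting human classification:", t.human_queue)
```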
One of the major benefits of the Malcovery solution is its multi-phase investigation methodology, which analyzes spam, malware, and phishing threats with much greater accuracy than competing solutions. The solution not only provides actionable insight into cross-platform attacks, but also notifies users about emerging threats. This helps customers enhance their knowledge base and provides a more comprehensive response to malware attacks.
Malcovery already offers its solution to some notable enterprises, including Facebook, Bank of America, and eBay. The accuracy and efficiency provided by the convergence of cloud technology with big data analytics within the Malcovery solution make it an attractive package for customers securing their sensitive information. The solution is expected to penetrate a wider customer base within a short time span of 1 to 2 years.
Details: Kelly Doyle, PR Manager, Malcovery Security LLC, 2400 Oxford Drive #302, Bethel Park, PA 15102. Phone: 412-401-5423. E-mail: [email protected]. URL: www.malcovery.com.
8. NETWORK-BASED APPROACH ENHANCING CONTROL FOR BYOD STRATEGIES
The latest trend of the enterprise workforce accessing corporate data from outside the organization's network, from their own devices, empowers businesses to perform at their best. This drives the trend toward bring-your-own-device (BYOD) strategies, which in turn improve productivity and employee satisfaction. However, the practice also exposes sensitive corporate data to the outside world, where it could easily be hacked by attackers, resulting in massive losses for enterprises. There is thus a need for a structured approach to managing external devices, without which enterprises are left exposed to security gaps, IT complexity, and compliance issues.
To address this challenge of managing network-connected devices outside the corporate infrastructure and ensuring protection for BYOD strategies, ForeScout Technologies Inc., a California-based network security solution provider, has come up with the ForeScout CounterACT solution. CounterACT provides protection and management tools for both personal computers and handheld devices.
ForeScout employs an innovative approach to device risk management. The solution leverages a network-based approach that identifies and assesses every single device on the network, then controls and remediates the identified devices, and finally monitors them to ensure compliance and protection. The network-based approach covers every device type available at present, as well as future BYOD devices, and removes the need to deploy additional software on the device, giving users the flexibility to use any device at the endpoint. In addition, the ForeScout solution includes an intelligent device identification system that detects any device connected to the network irrespective of its connection type: wired, wireless, or virtual private network. The identification system also provides the administrator with device details such as the media access control (MAC) address, the authentication technique used, and the applications installed on the device.
ForeScout enables a wide range of policy enforcement for devices. It can prohibit external devices from accessing the corporate network altogether, or grant customized access rights to specific content for specific devices on the network. The solution enforces policies in a granular manner, helping clients deploy security strategies that address deficiencies in the device network.
ForeScout CounterACT's unique ability to limit access to an enterprise's sensitive resources, ensure that security policies are met on every network connection, and constantly monitor every connected device provides a comprehensive view of the BYOD landscape for an enterprise. With growing concern about protecting sensitive information from the varied types of external devices in a BYOD environment, this specialized network-based approach could prove to be an attractive solution for enterprises in the next 1 to 2 years.
Details: Scott Gordon, Chief Marketing Officer, ForeScout Technologies Inc., 900 E. Hamilton Avenue #300, Campbell, CA 95008. Phone: 1-408-213-3191. E-mail: [email protected]. URL: www.forescout.com.
To find out more about Technical Insights and our Alerts, Newsletters, and Research Services, access http://ti.frost.com/
To comment on these articles, write to us at [email protected]
You can call us at: North America: +1-843.795.8059, London: +44 207 343 8352, Chennai: +91-44-42005820, Singapore: +65.6890.0275