Many businesses are generally only protected against Gen 2 or 3 security threats, Gil Shwed, Check Point Founder and CEO, said in his keynote address during the company's annual customer and partner event series, CPX360, held in Bangkok recently.
Generation 2 cyberattacks date from the mid-1990s, when attacks from the internet affected all businesses and drove the creation of the firewall. The early 2000s saw the rise of Generation 3 cyberattacks, in which hackers exploiting vulnerabilities in applications affected most businesses and drove the rise of intrusion prevention system (IPS) products.
“We are now in the fifth generation of cyberattacks, with large-scale and fast movement strikes across mobile, cloud and on-premises networks increasing over the past year, affecting companies more than ever,” Shwed said.
But with businesses falling behind in meeting current threat levels, Shwed said that they need to close the security 'generation gap' by deploying infrastructures which combine real-time threat prevention, shared intelligence and the most-advanced security across all enterprise environments.
He went on to say that Gen VI of cyberattacks would see “Nano Security” embedded on every device, web or Cloud service, application and network, to protect the hyper-connected, hyperscale world. “This will enable us to secure everything from individual IoT devices to hyperscale networks seamlessly, eliminating weak links and protecting our future.”
Part of the reason businesses are willing to allow a lapse in cybersecurity is that some feel that the public has become inured to cyberattacks thanks to the many that have made the news over the past few years. But Tony Jarvis, Security Evangelist, APAC region for Check Point, feels that these businesses aren’t as worried as they should be.
“We see these big breaches that make the news but after a while everything goes back to normal,” Jarvis said. “They just don’t get the attention it deserves.” Jarvis added that every year more is spent on security, but security breaches keep happening. “It’s not that we are not spending enough so it has to be something else. There is no real strategy behind how they are spending.”
Kenny Yeo, Principal Analyst covering cybersecurity at Frost & Sullivan, agreed, saying that while the public may seem to be apathetic, there is a growing awareness of cybersecurity and security concerns. “We’re seeing people starting to demand more from their Service Providers,” Yeo said.
During the event, Check Point released some findings from its 2019 Security Report, which said that cryptominers occupied the top four most prevalent malware types and impacted 37% of organizations globally in 2018. Despite a fall in the value of all cryptocurrencies, 20% of companies continue to be hit by cryptomining attacks every week. Cryptominers have also evolved considerably of late, exploiting high-profile vulnerabilities and evading sandboxes and security products in order to expand their infection rates.
33% of organizations worldwide were hit by mobile malware, with the leading three malware types targeting the Android OS. 2018 saw several cases where mobile malware was pre-installed on devices, and where apps available from app stores were actually malware in disguise.
Bots were the third most common malware type, with 18% of organizations hit by bots, which are used to launch DDoS attacks and spread other malware. Check Point’s report found that bot infections were instrumental in nearly half (49%) of organizations experiencing a DDoS attack in 2018.
In some rare good news, the security report found that in 2018 ransomware usage fell sharply, impacting just 4% of organizations globally.
Plugging these gaps
Unfortunately, for businesses that are behind the security curve, catching up means spending more money to fill the gaps before they get attacked.
According to Shwed, the problem wasn’t that people and businesses weren’t investing enough in security; rather, it was what they were buying. “Security is extremely complicated and nobody understands all the details,” Shwed said. “There are good technologies available but they don’t necessarily close all the gaps.”
While traditional approaches to security were no longer as effective as they’d been, Shwed still believed that there was a place for them in the enterprise. “There will always be a place for things like Perimeter defense,” Shwed said. “What is important is to ensure that they’re supplemented with newer technologies to keep current threats at bay.”
Shwed added that while buying security by buzzword isn’t always a bad thing as it usually highlights a solution to the latest threats out there, it is equally important to take a holistic approach to security to ensure that all gaps are properly plugged and nothing is forgotten or left behind.
Eddie Doyle, Global Security Strategist at Check Point, agreed, saying that traditional security was not obsolete as things like antivirus were always needed. “People will always have some form of machine to work on that will need some form of security to protect them,” Doyle said. “What we need to do is keep advancing security in pace.”
Jarvis cautioned CIOs and CISOs to take information thrown at them by vendors with a pinch of salt and take time to digest the information before trying to make sense of it all and how it should fit into their existing security solutions.
Dealing with the Human Factor
But despite the availability of technology to keep threats at bay, the human factor remains a consideration. And employee education, which has so often been used, is fast losing effectiveness.
Check Point’s own 2019 Security Report revealed that mobile malware remained a threat. The demand for Bring Your Own Device (BYOD) has been fueling growing calls for additional ways to secure endpoints and increased security education for employees.
Doyle said that education was no longer effective and that what was needed was to condition users to react to threats in the right way with constant and consistent drilling and simulated attacks.
Jarvis agreed with this view saying that it was time that businesses approached training in a different way. He suggested that businesses look to embed security as part of the culture with the IT department there to help and advise with real solutions.
CEO Shwed said that the goal for businesses and security vendors is to make security as easy and transparent as possible for the user. “Any way we can shield the user and make it safe is the best outcome,” he said.
Jarvis believed that we should strive to make security as automated as possible without losing human control. “For example, Patch Tuesday. If we can automate it, we can remove some complexity, and complexity is the enemy of security,” he said.
One recent development in security has been the incorporation of machine learning and Big Data into the analysis of network logs and the detection of anomalies. These are then flagged for human operator intervention while further automated processes are developed and ‘taught’ to the security solutions so that they can learn and deal with similar situations should they arise again.
But for Doyle, the promise of automation has yet to be seen, let alone reached. While machine learning and automation are delivering some positive outcomes, Doyle felt that the promise of automation with Artificial Intelligence (AI) has yet to be delivered.
Security has always needed businesses to balance people, processes and technology, said Yeo. Vendors will always want to sell more products, so it is up to the business to decide what is best for it and its employees. “It’s like Digital Transformation,” Yeo said. “It is meant to make things easier for staff and customers but IT still has to make things secure and say no to certain things.”
The arrival of hyperscale network security
At the Bangkok event, Check Point also introduced Maestro, the industry’s first truly hyperscale network security solution. Check Point Maestro is a revolutionary new architecture that enables businesses of any size to enjoy the power of flexible cloud-level security platforms, and to seamlessly expand their existing security gateways to hyperscale capacity. This enables organizations to secure the largest, most resource-hungry environments including hyperscale data centers, telcos and mobile networks.
Check Point Maestro delivers advanced new capabilities:
- Hyperscale security: customers can scale up their existing gateways of any size on-demand, to support over 50x their original throughput, within minutes. It gives seamless expansion to hyperscale security, while protecting organizations’ existing investments.
- Cloud-level resiliency: Maestro is the only unified security system that can offer cloud-level resilience and reliability to all organizations’ deployments, with Check Point’s HyperSync giving advanced telco-grade clustering and full redundancy.
- Operational supremacy: It is managed intuitively by Maestro Security Orchestrator, which controls all of an organization’s gateways as one unified security system, minimizing management overhead.