Apr 23 2015

Governments Require a Full Complement of Security Tools

IT managers say new sandbox and remediation tools offer a layer of protection that traditional anti-virus software can’t deliver.

When it comes to new security products, Vladislav Ryaboy follows the smart money in the cybersecurity community.

“I found that the signature-based anti-virus tools had become useless,” says Ryaboy, information security officer for the city of Miramar, Fla. After seeing a great deal of interest in the FireEye Malware Protection System, he deployed the product to detect and remediate advanced persistent threats (APTs) and zero-day exploits.

Ryaboy says the combination of FireEye with the Mandiant remediation system FireEye acquired offers Miramar the perfect mix of security tools. “It’s a tool that can detect and stop in its tracks — at least for the moment — this new generation of malware. And by automating much of the remediation we used to do, it reduces a great deal of our manual security tasks.”

In addition to gaining visibility into cyberattacks, the FireEye tools help the IT department clean up the network. “We have reduced the presence of adware and spyware,” Ryaboy says, which has also improved overall network performance.


The number of hits related to a recent zero-day exploit in Adobe Flash used in malvertisement attacks

SOURCE: TrendLabs Security Intelligence Blog, “Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements,” February 2, 2015

Frank Dickson, a research director for Frost & Sullivan who covers network security, says the city wisely concluded that it needed more protection than anti-virus software alone could provide.

“There’s a lot of talk now about organizations not needing anti-virus software,” Dickson says. “That’s not really the case. What IT staffs need are tools that complement and extend anti-virus. What’s different is that many of these new tools have been developed to detect and block the latest APTs and zero-day exploits.”

Defense in Depth

Bryant Bradbury, chief information security officer for the city of Seattle, agrees that traditional signature-based anti-virus software has rapidly become ineffective.

“Organizations can’t rely on anti-virus software as we did in the past,” Bradbury says. “It only offers a thin veil of protection. While it still has a place, its value is diminishing by the moment.”

Seattle supplements anti-virus with a full complement of security tools, including intrusion detection/protection, security information and event management, and log managers.

“Organizations should continue to think in terms of a layered defense,” Bradbury recommends. “For example, people often neglect log examinations and some of the industry experts I’ve talked with say some of the more recent breaches could have been prevented if logs were watched more closely.”
