When it comes to new security products, Vladislav Ryaboy follows the smart money in the cybersecurity community.
“I found that the signature-based anti-virus tools had become useless,” says Ryaboy, information security officer for the city of Miramar, Fla. After seeing a great deal of interest in the FireEye Malware Protection System, he deployed the product to detect and remediate advanced persistent threats (APTs) and zero-day exploits.
Ryaboy says the combination of FireEye with the Mandiant remediation system FireEye acquired offers Miramar the perfect mix of security tools. “It’s a tool that can detect and stop in its tracks — at least for the moment — this new generation of malware. And by automating much of the remediation we used to do, it reduces a great deal of our manual security tasks.”
In addition to gaining visibility into cyberattacks, the FireEye tools help the IT department clean up the network. “We have reduced the presence of adware and spyware,” Ryaboy says, which has also improved overall network performance.
Frank Dickson, a research director for Frost & Sullivan who covers network security, says the city wisely concluded that it needed more protection than anti-virus software alone could provide.
“There’s a lot of talk now about organizations not needing anti-virus software,” Dickson says. “That’s not really the case. What IT staffs need are tools that complement and extend anti-virus. What’s different is that many of these new tools have been developed to detect and block the latest APTs and zero-day exploits.”
Defense in Depth
Bryant Bradbury, chief information security officer for the city of Seattle, agrees that traditional signature-based anti-virus software has rapidly become ineffective.
“Organizations can’t rely on anti-virus software as we did in the past,” Bradbury says. “It only offers a thin veil of protection. While it still has a place, its value is diminishing by the moment.”
Seattle supplements anti-virus with a full complement of security tools, including intrusion detection/prevention, security information and event management, and log management.
“Organizations should continue to think in terms of a layered defense,” Bradbury recommends. “For example, people often neglect log examinations and some of the industry experts I’ve talked with say some of the more recent breaches could have been prevented if logs were watched more closely.”