- Enterprises need a steady stream of actionable, timely, and accurate threat intelligence on targeted malicious intrusions and attempts into their networks
- They need this information without suffering breaches and cannot rely solely on post-compromise forensics or sandbox simulations to continuously tighten and adapt their defenses
- Pre-breach targeted intelligence eludes most organizations today, even among security leaders
Breachless Reports Mean Actionable Threat Intelligence without the Pain
When striving for high-fidelity targeted threat intelligence, organizations traditionally have relied on two alternatives, both suboptimal: they take actual forensic evidence from previously compromised machines—which leaves them “playing from behind” and always cleaning up digital messes—or they use sandboxing technology with user emulation to approximate what threats might do on a generic representation of an actual user device. Neither approach observes real malware running on real production PCs with real users at the helm performing all of the daily acts of modern business. Bromium does all of this through micro-virtualization on the endpoint, and this is what makes the Bromium solution fundamentally different from anything else in the security space today.
Sand in Your Gears?
Sandboxing promises threat intelligence on advanced and targeted attacks by exercising malware inside of artificial, instrumented environments. High-volume network sandboxes run dozens or hundreds of potentially malicious samples in parallel and then make risk-based decisions on whether to alert on, allow, or block subsequent instances of each sample. Sandboxes are commodities today—nearly every detection-based security vendor has one—but the problem hasn’t gone away; it has steadily gotten worse! With up to 97% of malware unique to a single endpoint, sandboxing is a can’t-win proposition.
Inherent problems with sandboxing include:
- It emulates a desktop and simulates a user, rather than actual behavior on a real endpoint
- Desktop sandboxing sits above the kernel and is vulnerable to kernel-level exploits and escapes
- Many sandboxes do not prevent patient-zero infection by design, just block subsequent instances
- Sandboxes typically run for a mere 60 seconds or so, not long enough to generate meaningful results
Got the Post-Breach Blues?
Until now, the most accurate and relevant enterprise threat intelligence came from direct forensic analysis of actual breaches suffered within the organization. Problems with this backward-looking approach include:
- You got breached – this is painful!
- You now have a mess to clean up – this costs time and money!
- The infection may not be confined to a single machine – the problem may be much larger!
Why Not Go Breachless?
What if you could have the best of both worlds? Imagine a complete forensic trace of malicious activity run on an actual endpoint and exercised by a real user, combined with full kill-chain analysis, all with no breach to investigate, contain, or remediate. Breachless threat feeds have many benefits, including:
- No guesswork – isolation does not rely on risk assessment, detection, or blocking
- No breach – isolation contains the threat and eliminates it
- No spread – isolation prevents lateral movement
- No cleanup – malware is destroyed and gone forever every time the micro-VM it ran in is closed
Since Bromium-isolated devices self-remediate, there is nothing for security teams to do when malware is discovered running on these endpoints—it simply goes away by itself! Bromium threat-feed intelligence, however, can also help analysts and responders identify pre-existing intrusions, remediate non-isolated devices such as older PCs, Macs, servers, and IoT devices, or proactively reduce the combined attack surface of those devices.
Toward a Breachless Future
Detection will never be 100% effective—it’s mathematically impossible—and clever attackers will always find new ways around your defenses. Until all enterprise devices can isolate threats, analyze malicious activity, and self-remediate, why not take the first step and lock down the largest attack vector today, your Windows PCs? With all of the benefits and none of the pain, breachless threat intelligence is the wave of the future. Elevate your threat intelligence and go breachless today!
The post Breachless Threat Intelligence: A Pain-Free Approach to CyberSecurity appeared first on Bromium.
This is a Security Bloggers Network syndicated blog from Bromium authored by Michael Rosen. Read the original post at: http://blogs.bromium.com/breachless-threat-intelligence-pain-free/