Advanced Threat Scare Tactics Don't Sell, Say Solution Providers

Advanced threats, custom malware designed to defeat antivirus, legacy firewalls and other traditional security measures are a serious concern, but solution providers tell CRN that some businesses don’t recognize that, and often balk when told of the additional costs associated with so-called advanced threat detection software and appliances.

Virtual sandboxes are designed to detect new strains of malware and zero-day exploits that target previously unknown vulnerabilities, but they also result in the need for skilled security professionals to monitor logs for suspicious activity and respond to alerts to identify the risk associated with a detected threat. The increased activity has prompted Palo Alto Networks CEO Mark McLaughlin to call for new ways to reduce the burden on IT teams. In an interview with CRN at the 2014 Palo Alto Networks Ignite user conference in Las Vegas, McLaughlin said the solution to the problem may be a combination of more automation and better response processes.

"It's increasingly common to see companies struggle with response," McLaughlin said. "Increased vigilance is one thing, but having the ability to go in and automate the process of isolation and removal might reduce some overhead."

[Related: Advanced Persistent Threats: Not-So-Advanced Methods After All ]

Solution providers say their clients desire less complexity and often turn off components that have the potential to disrupt end users. One of the most common ways for attackers to defeat a security appliance are misconfiguration issues introduced by complexity.

But small and midsize businesses are not immune to attacks, experts say. The complexity issue is only going to be compounded by the hybrid environments being adopted by some businesses, said Gordon Martin, president of Tulsa, Okla.-based PeakUpTime, an early Palo Alto Networks partner.

Palo Alto Networks and other network security vendors are adding on capabilities to address the increasing visibility needs, control and other security requirements that businesses have as they create hybrid cloud environments, Martin said. The company has been able to maintain its forward momentum without growing too complex as it adds capabilities. While the focus is on advanced threat detection, clients desire strong security and simplicity, Martin said.

"Most clients don't really know where the next threat is coming from," Martin said. "You can't ignore the fact that you have to empower the customer to be able to get reporting, and manage their environment in such a way that they feel confident they have everything under control."

NEXT: Know Your Adversary, Says Palo Alto Networks' Chief Security Officer

In order to adequately allocate budgeting dollars in the right place, organizations need to know where their most critical data resides and what threat actor is likely to target it, said Rick Howard, chief security officer of Palo Alto Networks, in an interview with CRN. Howard, a security industry veteran, said a threat assessment is one essential component in establishing where many resources need to be allocated.

Businesses need to know if they are targeted by financially motivated cybercriminals, hacktivists or nation-state sponsored cyberespionage threat actors, Howard said. Some businesses may determine that the loss of certain data won’t be a major impact to the business and decide to focus on higher business priorities.

The industry is transitioning away from outdated incident response team processes of running to infected systems, taking them offline and wiping them, Howard said. It makes more sense to determine the threat actor associated with the attack and, based on the adversarial profile match, get more detailed information on what other systems were likely compromised.

"The adversary has a campaign plan; they're not just interested in a laptop; they have goals in mind," Howard told CRN. "We need to be able to develop those adversary profiles of what they are trying to accomplish and how they are going to do it."

Modern security appliances are detecting previously unseen threats but they haven’t yet scaled down to justify the cost for most small businesses, said Scott Fuhriman, a security expert who heads sales at a regional solution provider in the Midwest. Small banks and regional retailers are among the first SMBs to adopt the latest technologies, but detection needs to be followed up with investigating threats and addressing the targeted weaknesses, Fuhriman said.

"I think that the technology is a good technology and has its place, but the cost of it right now is very prohibitive for most organizations except for enterprises," Fuhriman said, referring to technologies like Palo Alto Networks' WildFire service and FireEye's platform designed to analyze suspicious files. "As more competitors come to market, it drives the costs down so more organizations have access to the technology.’

PUBLISHED APRIL 1, 2014