Cisco Arms Itself with New Weapons in War on Malware
According to Christopher Young of Cisco’s Security Business Group, companies are constantly under attack from malware. “We’ve got not only a proliferation of attack vectors,” says the senior vice president, “but also an advanced set of adversaries willing to innovate themselves.” But as a recent ZDnet article notes, Cisco isn’t standing idly by; instead, they’re gearing up for battle.
Intelligent Acquisitions Fuel Innovation
Cisco acquired security firm Sourcefire in October 2013 and then snapped up Czech company Cognitive Security at the beginning of 2014. The plan? To develop preventive rather than reactive malware weapons — ones able to perform in real time and respond to emerging threats as well as those that are well-known.
It starts with Sourcefire’s FireAMP detection technology, which Cisco will integrate into email and web gateways along with existing cloud security products. The company is calling the deployment “AMP Everywhere,” since it will be available to Cisco’s 600 million end users as either back-end software or as part of the FirePOWER 8300 Series appliance lineup for data centers. FirePOWER offers high-speed threat detection from 15 gigabytes per second (GBps) to 60 GBps, and up to 120 GBps if stacked. The result is a 50 percent speed increase along with real-time threat detection.
Cisco is also taking aim at application visibility and control to limit the spread of malware. The concept is called OpenAppID, an open-source technology that can detect and control apps in the cloud. OpenAppID will be rolled out in the popular Snort open-source community and be detection-ready for over 1,400 apps, reports NetworkWorld. In addition, app information collected by OpenAppID can be sent to security information and event management (SIEM) or third-party analytics tools.
Why Is Malware So Dangerous
Malware comes in many forms. Some of the most popular types are included email attachments with malicious payloads or hosted on websites that ask users to download “video players” or “antivirus tools” that are in fact keyloggers, rootkits or Trojans. But is the situation really as dire as Young believes?
According to Mohammad Mannan, assistant professor at the Concordia Institute for Information Systems Engineering in Montreal, it’s actually worse. He calls existing antivirus programs “totally useless” against malware and argues, “If you use them, you might even be vulnerable [to malware] to some extent.” The sheer amount of malware — and innovative malware creators — means antivirus tools designed to detect and react to specific code structures can’t keep up.
The sheer number of malware attacks has prompted agencies such as India’s telecom department to mandate that all Internet service providers (ISP) in the country provide advice to users on how to protect their computers and modems from malware threats. Many reputable web hosts also provide information on basic malware defense.
Thinking Outside the Box
Consider the recent Mt. Gox Bitcoin disaster — when Japanese Bitcoin exchange Mt. Gox went bust, users the world over wanted information on exactly what happened. Enterprising malware developers created a 620-megabyte file called “MtGox2014Leak.zip,” according to PCWorld, which claimed to be a Mt. Gox database access tool. In fact, it contained malware designed to sniff out and steal any bitcoins on a user’s computer.
In other words, social engineering has become an integral part of malware development, leaving most existing tools in the dark. Governments looking to get a handle on malware have developed initiatives like the U.K.’s Cyber Security Challenge, which puts the country’s best and brightest IT minds through a series of fake malware challenges, helping to find the next generation of experts. But Cisco’s 2014 threat report notes there’s a shortage of security professionals — at least 1 million worldwide — meaning soldiers alone can’t win the malware war: New weapons are required.
[image: Wavebreak Media/ThinkStockPhotos]