The ever-growing need for faster protection time

By Dan Maier, Vice President of Marketing, Cyren.


Today’s Internet threats are faster and stealthier than ever, as attackers leverage advanced cloud automation and evasion techniques to bypass cyber defences. Perimeter security appliances and endpoint clients are increasingly too slow to stop these attacks, leaving companies vulnerable for hours, days, or even weeks. In fact, many vendors appear to have conceded that they can’t stop threats at the perimeter, and have moved their focus to detecting threats after they’ve entered the network. Here at Cyren we certainly feel that “defence in depth” continues to be the correct security philosophy and strategy, and of course the best form of defence is prevention. That said, a new approach to prevention is needed, one that performs fast enough to counter threats before they even reach users.


At its root, the problem lies in the legacy on-premise, appliance-based security architectures that have been put in place over the past 10 years. As the world has changed, with data and applications moving to the cloud and users working remotely outside the office, an on-premise security perimeter has become more and more problematic. With a limited scope of visibility into threats, a need for periodic external updates, and limited CPU cycles, on-premise appliances struggle to deliver the depth and breadth of protection needed. Unfortunately, this legacy approach will never perform fast enough to keep up with the increasing pace of innovation, automation, and evasive tactics we’re seeing demonstrated every day by cyber attackers.




In our opinion, the best way to deliver protection that is fast enough is to move security into the cloud. This cloud-based perspective provides two critical advantages:



· Visibility – earliest visibility to emerging threats coupled with real-time shared threat intelligence across all the users in a security network

· Scale and Performance – the ability to apply cloud-scale computing across a shared multi-tenant infrastructure delivers virtually unlimited throughput




In fact, here at Cyren we are moving strongly in this direction. Cyren has built out the world’s largest security cloud over the past 20 years, processing over 17 billion email, web and DNS transactions every day with a streaming architecture that allows us to detect threats as they emerge on the Internet, before they reach users. This global detection cloud powers our “front end” Security-as-a-Service offerings, including web security gateway, email security gateway, DNS security, and cloud sandboxing. These services provide inline blocking of cyber threats globally within seconds, delivering the industry’s fastest time to protection.




A bold claim, you might say, but fast time to protection is absolutely critical, and it is what we have focused our time on over the years. I will leave you with a few figures to emphasize the point. The statistics below help paint a picture of the challenges facing the cyber security industry today.




Malware is faster and stealthier than ever…

| Statistic | Category | Description | Source |
|---|---|---|---|
| 1 minute 40 seconds | Phishing | The median time for the first user of a phishing campaign to open the malicious email | Verizon 2016 Data Breach Investigation Report, page 18 |
| 3 minutes 45 seconds | Phishing | The median time for the first click on the malicious attachment for a phishing campaign | Verizon 2016 Data Breach Investigation Report, page 18 |
| 50% opened | Phishing | The number of users that open e-mails and click on phishing links within the first hour of an attack. | Verizon 2015 Data Breach Investigation Report, page 13 |
| Less than 2 hours | Phishing | Average duration of 25% of all malicious phishing URLs | Cyren analysis, Phishing Threat Report, August 2016 |
| 5 million uniques/hour | Ransomware | The Jaff ransomware outbreak that started on May 8, 2017, powered by the Necurs botnet, was delivering 5 million unique emails with 5 million unique ransomware attachments every hour (65 million emails over 13 hours). | Cyren Security Lab (https://blog.cyren.com/articles/locky-2-jaff-ransomware-launched-from-necurs-botnet) |
| 37% | Malware | Cyren’s security researchers have found that HTTPS is now utilized for the distribution of 37% of all malware | Cyren Security Lab, <SSL webinar link> |
| 97% unique | Malware | Nearly 97 percent of malware encountered on users' computers is unique, as criminals automatically generate variants in order to stymie defensive software. | eWeek (http://www.eweek.com/security/almost-every-victim-sees-unique-malware-webroot-says) |





Traditional security architectures are not fast enough to stop today’s threats…

| Statistic | Category | Description | Source |
|---|---|---|---|
| 42.86 hours | Signatures | The average time it took for the leading anti-virus vendors to release a signature for over 100 different pieces of “in the wild” malware analyzed during the month of April, 2017 | AV-Test.org; http://www.cyren.com/malware-outbreak-detection.html; Cyren analysis |
| 83% fail | Web Security | Percentage of users who failed Cyren’s Web Security Diagnostic test for Zero Day Malware (malware identified in the past 24 hours) | Cyren, May 19 – June 2, 2017 (15 days) |
| 91% fail | Web Security | Percentage of users who failed Cyren’s Web Security Diagnostic test for Zero Day Phishing (phishing URLs identified in the past 24 hours) | Cyren, May 19 – June 2, 2017 (15 days) |
| 14 hours | Threat Detection | Cisco products achieved a median TTD (time to detection) of 14 hours for the period from November 2015 to October 2016 | Cisco 2017 Annual Cybersecurity Report, pg. 33 |
| 15-30 minutes | Firewall | New antivirus content updates are released by Palo Alto Networks on a daily basis. New WildFire antivirus signatures are published 15‐30 minutes after new malware is discovered. | Palo Alto Networks - https://www.paloaltonetworks.com/documentation/61/wildfire/wf_admin/wildfire-overview/best-practices-for-keeping-signatures-up-to-date |

