How to prevent cyberattacks

Declare war against cyber threats.

“If you could prevent a hundred percent of attacks, there’d be no need for security people,” said Ben Johnson, cofounder and chief security strategist of cyber security vendor Carbon Black.

Carbon Black is focusing on protecting endpoints and using machine learning to monitor unusual activities within networks. Endpoints are basically personal computers, laptops, smartphones, tablets, bar code readers, and even point of sale (POS) terminals.

“The battle is on the endpoint,” said Johnson, because that’s the usual entry point for malware and other malicious software that could seep into other parts of the network.

Johnson believes that most attacks still happen on traditional operating systems, whether Windows or even Mac computers. The vulnerabilities of old systems are extremely easy for cybercriminals to attack.

Prevention

Carbon Black is looking at prevention through early detection achieved by constant monitoring. The firm’s new products are geared toward monitoring unusual behaviors or malicious activities that would prompt cyber security people to act instantly and prevent any attack.

“Our endpoint security platform (Carbon Black Collective Defense Cloud) defends organizations of all sizes from modern-day attacks with its unique zero-gap protection,” said Johnson, who once served in the United States’ National Security Agency.

“Cb Protection, which is really white listing, is positive security where enterprises define what’s allowed to run and everything else just gets blocked within the network,” said Johnson.

“Cb Response is basically monitoring,” he said. “You at least want to start watching patterns and everything that runs in your network—what’s making change, communicating to the server—in every computer.”

Cb Defense is a blend of the two and is really more about blocking.

“If a new program comes out and knows what it’s doing is bad behavior, ‘kill’ that,” Johnson said. “That’s really prevention.”

The software reads the patterns and it’s up to cyber security people how to respond.

“It’s kind of comparing current behavior against historical behavior,” Johnson explained. “When either preventing or detecting, you need more information.”

Did it start from the email or from the web?

Long-term roadmap

Johnson advises enterprises to monitor everything and give security people enough information to understand why attacks happened.

The security expert also advises organizations to constantly update their security software as hackers and cyber attacks become more sophisticated.

“Organizations need to have a longer term roadmap but they also need to have agility,” he said. “They need to pivot, change course or course correct very frequently, whether that’s annually or take a review every six months.”

Johnson said enterprises’ security software should be looked into regularly and upgraded (maybe) every five years.

“The five-year plan should be tied to the chief information officer’s IT plan,” said Johnson. “But then, every year I would have a very significant review of how the company’s doing or what’s actually adding value or not.”

While not all attacks can be prevented, security people must be prepared to react as quickly as possible to prevent a widespread data breach.

Carbon Black is represented in the Philippines by Micro-D International, which has been offering solutions tailored toward specific business needs for 30 years.
