Story image

‘Crowd-sourced’ security to neutralise zero-day attacks

By Heather Wright, Fri 5 Jun 2015
FYI, this story is more than a year old

Security resellers and businesses have the chance to participate in the fight against cyber-criminals thanks to next-generation interactive sandbox security solutions, becoming part of what is effectively ‘crowd-sourced’ security.

Gary Gardiner, Fortinet ANZ director of engineering and services, says with the new next-generation interactive sandbox security solutions, which are hard-wired to respond against advanced persistent threats, resellers and organisations can join the fight against cyber-criminals.

Gardiner says zero-day threats are fast becoming the ‘risk-du-jour.

“More and more cyber criminals are creating exploit variations, or StrikeVariants, that can morp on the fly into literally 100,000 variations.

“These strikes bombard the firewall, making it work overtime to defend against all of the different StrikeVariants. It’s a resource-intensive operation that can overwhelm most defences.”

A single StrikeVariant can attack thousands of targets before it is neutralised, forcing under-attack networks to dedicate large amounts of processing power to stop the attack.

Gardiner says the best defence at this point is to match the StrikeVariant’s fire power with the massed processing capabilities of firewall gateways and well defined sandboxes.

Gardiner says Fortinet’s next-generation FortiSandbox security appliances map and analyse new zero-day StrikeVariants in the ‘fenced off’ sandbox.

The base code is then uploaded directly to Fortinet’s global security lab, FortiGuard.

“We take it apart, simulate all of the possible variants, create fixes and then deploy the detection signatures back to all of the interconnected FortiGate next generation firewalls, FortiMail and FortiSandbox devices.

“What was once a zero-day threat that could cause, at the very least, huge drains on processing power around the world, can now be prevented from even entering the network at the gateway.”

Gardiner is open that it’s not just Fortinet’s sandbox that can be put to action, but ‘any high-end sandbox solution’.

“It’s almost like crowd-sourcing security,” he says.

“Once there are enough sandboxes deployed around the world, each one acts as a zero-day threat detector.

“And as soon as they are identified and neutralised, these malware variants can’t really do much harm.”

Fortinet recently signed up to the United States’ Cyber Information and Sharing Collaboration Program (CISCP), which was established to share information on cyber threats, incidents and vulnerability information in near-real-time.

CISCP is, Gardiner says, the beginning of a unified, collaborative approach to cyber-security on a global scale.

“It’s the old divide and conquer strategy,” he says. “If cyber-criminals pick off companies one-by-one, defending is difficult.

“But if organisations band together and share real-time threat mitigation intelligence, we can neutralise even the most persistent attacks.”

Recent stories
More stories