Multiple layers now required for effective security: report

"The AV industry has evolved beyond static signature technology" says NSS Labs.


A report from NSS Labs says that industry criticism of standard antivirus (AV) software - which is often said to "miss" the latest security threats - is unjustified, as the latest generation of security software uses multiple methodologies to spot various types of attacks.

The analysis - "From Brain to Flame: Myths, Facts, and the Future", written by the firm's research director Randy Abrams - follows in the wake of several quantitative but critical reports from the research firm that have analysed the various entry-level and mid-range AV packages available.

According to NSS Labs, whilst it is true that purely signature-based AV scanners are extinct, AV as a category is constantly evolving, based on the premise that the future can be predicted through knowledge of the past.

"The AV industry has evolved beyond static signature technology," says Abrams in his report, adding that the AV industry also has significant experience in remediation - with the organic development of technology and the adoption of existing technology becoming part of the continuing evolution of this segment of the security industry.

Historic indicators suggest a strong probability that EPP (End Point Protection) vendors will soon offer BDS (Breach Detection System) products.

Recommendations

Against this backdrop, Abrams' report recommends that IT professionals in organisations need to become familiar with current EPP technological advancements, as well as understanding the strengths, weaknesses, and scope of current security products in the end-point space.

The analysis also recommends that companies need to evaluate new technologies that complement EPP - but adds that users need to understand that APTs (Advanced Persistent Threats) such as Stuxnet and Flame have been added to the requirements of effective EPPs.

NSS Labs says that APTs and the more common TPAs (Targeted Persistent Attacks) are designed to evade all proactive and defensive protection technologies across the landscape of the security industry.

As a result, the report says that APTs and TPAs have relegated security products to reactive detection and remediation.

Does this mean that the days of single layer security systems - from a single vendor - are now past?

SCMagazineUK.com put this question to Rob Bamforth, principal analyst with business research and analysis house Quocirca. He said that most organisations should now be moving to a multi-layered security strategy, mainly because users - and the devices they use - have become a lot more mobile.

He says that the use of multiple layers of security - rather than a single AV application - is also being driven by the need to route a lot of traffic from mobile devices back through the company network to better defend against security attacks.

"If you were a Black Hat, you'd put most of your effort into attacking further back in the network - via the weakest link," he said, adding that there is now a clear need to put protection in at all levels, and not just at the edge of a network, as has been the case previously.

One interesting effect of routing IP traffic back through the corporate network, says Bamforth, is a potential increase in latency, especially where traffic is routed from mobile devices, which means that organisations also need to be a lot more discriminatory as to the type of network traffic routed back to base than before.

"The downside here is that cost of handling all this traffic does start to rise," he noted.

Bamforth's comments were echoed by Keith Bird, UK managing director of security vendor Check Point, who said that AV has improved enormously over the years, but it needs to be just one layer in an overall security solution.

"New exploits and zero-days continue to surface because they can avoid being detected by traditional AV, which is why techniques such as sandboxing and threat emulation are being adopted," he said, adding that this approach can vet files - and common email attachments - either in the cloud or on the network gateway, thus preventing infections from reaching the network.
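To make the layering argument concrete, here is an added illustration (not code from NSS Labs, Check Point or the article) of how a gateway might vet an attachment in tiers: a signature (hash) lookup first, then static heuristics that do not depend on having seen the exact file before, and finally a hand-off to a sandbox or emulation tier for anything that can carry executable behaviour. The sample files, the "known bad" hash list and the verdict names are all constructed for the example; the emulation tier itself is only represented as a verdict, since that is the part a real product does in an isolated environment.

```python
"""Tiered attachment vetting: signature lookup -> static heuristics -> emulation hand-off.
Illustrative example; all samples and the blocklist below are constructed."""
import hashlib
import io
import re
import zipfile

# Layer 1: hash-based signature lookup. Constructed here from one sample;
# a product would load this from a vendor signature feed.
KNOWN_BAD_SHA256 = set()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Layer 2: static heuristics based on what the bytes actually are.
MAGIC = ((b"MZ", "pe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip"))
EXPECTED_KIND = {"exe": "pe", "dll": "pe", "pdf": "pdf", "docx": "zip",
                 "docm": "zip", "xlsm": "zip", "zip": "zip", "txt": "text"}


def detect_kind(data: bytes) -> str:
    """Classify by magic bytes rather than trusting the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    printable = all(b in b"\r\n\t" or 32 <= b < 127 for b in data)
    return "text" if printable else "unknown"


def static_findings(filename: str, data: bytes) -> list:
    findings = []
    kind = detect_kind(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXPECTED_KIND.get(ext)
    if expected and expected != kind:
        findings.append(f"extension .{ext} claims {expected} but content is {kind}")
    if kind == "zip":  # Office Open XML documents are zip containers
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    findings.append("Office document embeds a VBA macro project")
        except zipfile.BadZipFile:
            findings.append("zip container is malformed")
    if kind == "pdf" and re.search(rb"/(JavaScript|JS|OpenAction|Launch)\b", data):
        findings.append("PDF carries active content (JavaScript/OpenAction/Launch)")
    return findings


def vet(filename: str, data: bytes):
    """Return (verdict, reasons); verdict is 'block', 'emulate' or 'allow'."""
    if sha256_hex(data) in KNOWN_BAD_SHA256:
        return "block", ["signature match"]
    findings = static_findings(filename, data)
    if findings:
        return "block", findings
    # Layer 3: nothing static fired. Types that can execute go to the
    # sandbox/emulation tier (represented only as a verdict here).
    if detect_kind(data) in ("pe", "pdf", "zip"):
        return "emulate", ["no static finding; active content type"]
    return "allow", []


def make_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real malware): a stand-in "executable", a
# one-byte variant of it, Office documents with and without a macro
# project, PDFs with and without active content, and a plain text note.
FAKE_PE = b"MZ" + b"\x90" * 64
FAKE_PE_VARIANT = FAKE_PE + b"\x00"          # same "family", different hash
MACRO_DOC = make_zip({"[Content_Types].xml": b"<Types/>",
                      "word/document.xml": b"<w:document/>",
                      "word/vbaProject.bin": b"\x00" * 16})
CLEAN_DOC = make_zip({"[Content_Types].xml": b"<Types/>",
                      "word/document.xml": b"<w:document/>"})
JS_PDF = b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >> endobj\n2 0 obj << /S /JavaScript /JS (x) >> endobj\n%%EOF"
PLAIN_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF"
BENIGN_TXT = b"Quarterly figures attached.\n"

KNOWN_BAD_SHA256.add(sha256_hex(FAKE_PE))   # only the original is "known"

if __name__ == "__main__":
    for name, blob in [("invoice.exe", FAKE_PE), ("invoice.pdf", FAKE_PE_VARIANT),
                       ("tool.exe", FAKE_PE_VARIANT), ("report.docm", MACRO_DOC),
                       ("report.docx", CLEAN_DOC), ("statement.pdf", JS_PDF),
                       ("statement2.pdf", PLAIN_PDF), ("notes.txt", BENIGN_TXT)]:
        print(name, vet(name, blob))
```

The variant sample is the point of the exercise: a single trailing byte defeats the hash lookup, yet the heuristic layer still blocks it when it arrives disguised as a PDF, and when it arrives honestly named the only remaining option is to emulate it rather than let it through. A real gateway would add far richer static analysis and a genuine sandbox, but the decision structure is the same.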
