Proving the point of targeted attacks
Malware hits the Mac but is it worth worrying about?
Last week I had the opportunity to meet with Proofpoint CEO Gary Steele for the first time in a few years.
Still a well-known name in the web gateway business, Steele talked about recent technology additions and its own work in detecting threats.
Recently Proofpoint highlighted a threat called ‘Long Lining', which Steele called "mass customisation and sending volumes of messages". The concept is industrial-scale phishing, which is not as targeted as advanced persistent threats (APTs) or at any particular entity, but with tens of thousands IP addresses marked by the attacker.
Steele said: “This creates problems for signature-based systems as no two pieces of malware look the same. We ran 900,000 messages through 46 anti-virus engines and only four were able to detect it. Anti-virus scans many times but this is customised.
“There is no doubt that anti-virus is still important and you need defence in-depth, but the struggle is not going away.”
Proofpoint launched Targeted Attack Protection technology (TAP) last year, and Steele said this solution can trap a threat in a cloud-based sandbox, rewrite the URL in the cloud and determine its authenticity and behaviour.
He said: “We see that APT is what users are concerned about, as we are talking about something topical and we are seeing market acceptance.”
Steele cited a significant rise in Q4 for the company after its initial public offering (IPO) last year. “We are seeing rapid acceptance and adoption of our technology. Malware is not about scale, it is about the user and quickly you realise it and take it down,” he said.
I asked Steele how this concept differs from standard phishing, he said that those messages are not very good and a spear phishing message is harder to discern as a malicious URL can look like a legitimate one.
“The frequency is a ten per cent success rate, which may not sound like much but when 100 are sent out, then ten have clicked on it, so this shows the effect. I think that this is a grey area that is getting interest,” he said.
The company also announced a partnership with Box to offer internal security and provide data loss prevention to manage security within the online storage system.
I asked Steele if he felt that cloud and data protection could ever co-exist, as highlighted at the recent SC Magazine conference on data protection. He said that he agreed that not enough people ask the right questions, and you should get the cloud provider to sign up to a deal that the user can negotiate with.
In a different angle, I asked Steele how he felt he could have dealt with the Bit9 attack and as a CEO, how we would have responded. He said: “We would let out customers and partners know as we share with them in real-time using Big Data and sandboxing to warn people about not going to malicious sites. As we sandbox everything, we can say ‘we see this and give the security team visibility and the nature of it'.
“We have an understanding of it and we give knowledge to the IT team and share that out. A good example is we see something and block it and inform the IT team.”
Following the lead of other vendors, Proofpoint has seized upon the targeted attack threat as something to market and wrestle with and with public ownership and a strong lead in the gateway market, perhaps it could be a good year for the company.