Local and state government offices that may not see themselves as prime targets for theft of intellectual property or financial information can be used as the weak link to get at financial institutions, Ling said.
The business models of large anti-virus vendors such as Symantec and McAfee incorporate everyone who has a computer, because perimeter defense is an important aspect of protection and is mandated by many federal regulations, including the Health Insurance Portability and Accountability Act (HIPAA).
As with other vendors, FireEye’s starting point is that malware threats evolve so quickly that the traditional protection model is antiquated, explained Phillip Lin, director of product marketing.
“When we were working for McAfee, we investigated large breaches such as Aurora,” recalled Dmitri Alperovitch, a CrowdStrike co-founder and former vice president of threat research at McAfee.
Based in Orange County, Calif., CrowdStrike was founded in 2011 by George Kurtz, the former worldwide CTO of McAfee; Alperovitch; and Gregg Marston, who worked as chief financial officer of Foundstone Inc., a cybersecurity forensics firm that Kurtz sold to McAfee.
Mike Maxwell, director of Symantec’s state and local government organization, said anti-virus continues to be an important tool for containing and blocking malware, but other approaches are necessary to complement it.

“This makes it difficult for traditional ‘signature-only’ anti-virus approaches to keep up with these evolving threats,” he explained in an email response to questions from Government Technology.

“But it also builds a list of bad stuff, such as the application communicating with a known bad IP address or attempting to insert files in other common load points, such as the registry, removable storage or file system, so this may be suspicious activity that would be blocked, logged or alerted based on configured policy.”
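The behaviour-based layer Maxwell describes (judge a process by what it does, not by a file signature, and respond according to a configured policy) can be sketched as a small policy engine. The following is an added illustration written for this page, not Symantec’s product code. The indicator lists, the event format, the block/alert/log policy table, the sample telemetry and the escalation rule (two distinct suspicious behaviours from one process are treated as a block) are all constructed assumptions; the IP addresses are from documentation ranges, not real indicators.

```python
"""Toy behaviour-based policy engine (added example, not Symantec code).

A process is scored on what it does: connecting to a known bad IP, writing
to a persistence load point (registry Run keys, System32, Startup folder)
or writing to removable media. Each indicator maps to a configured action.
"""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, Iterable, List, Optional, Set


class Action(IntEnum):
    LOG = 1
    ALERT = 2
    BLOCK = 3


# Constructed "known bad" list (TEST-NET addresses, not real threat intel).
KNOWN_BAD_IPS = {"198.51.100.23", "203.0.113.7"}

# Common load points; a write here by an arbitrary application is suspicious
# even when the binary matches no signature. Compared case-insensitively.
REG_LOAD_POINTS = (
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\system\currentcontrolset\services",
)
FILE_LOAD_POINTS = (
    "c:\\windows\\system32\\",
    "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\",
)
REMOVABLE_ROOTS = ("e:\\", "f:\\")  # assumed drive letters for removable media

# Configured policy: indicator name -> response. Tune per environment.
POLICY = {
    "known_bad_ip": Action.BLOCK,
    "persistence_load_point": Action.ALERT,
    "removable_media_write": Action.LOG,
}


@dataclass(frozen=True)
class Event:
    pid: int
    process: str
    kind: str    # "net_connect" | "reg_write" | "file_write"
    target: str  # remote IP, registry key, or file path


@dataclass
class Verdict:
    process: str
    indicators: Set[str] = field(default_factory=set)
    action: Optional[Action] = None


def classify(ev: Event) -> List[str]:
    """Return the behavioural indicators a single event triggers."""
    t = ev.target.lower()
    hits: List[str] = []
    if ev.kind == "net_connect" and ev.target in KNOWN_BAD_IPS:
        hits.append("known_bad_ip")
    if ev.kind == "reg_write" and t.startswith(REG_LOAD_POINTS):
        hits.append("persistence_load_point")
    if ev.kind == "file_write":
        if t.startswith(FILE_LOAD_POINTS):
            hits.append("persistence_load_point")
        if t.startswith(REMOVABLE_ROOTS):
            hits.append("removable_media_write")
    return hits


def evaluate(events: Iterable[Event]) -> Dict[int, Verdict]:
    """Fold a telemetry stream into one verdict per process that misbehaved."""
    verdicts: Dict[int, Verdict] = {}
    for ev in events:
        hits = classify(ev)
        if not hits:
            continue
        v = verdicts.setdefault(ev.pid, Verdict(process=ev.process))
        v.indicators.update(hits)
        for h in hits:
            a = POLICY[h]
            v.action = a if v.action is None else max(v.action, a)
        # Escalation rule (assumption): two different suspicious behaviours
        # from one process is stronger evidence than either alone.
        if len(v.indicators) >= 2:
            v.action = Action.BLOCK
    return verdicts


# Constructed sample telemetry: one C2 beacon, one persistence-plus-USB
# dropper, one benign editor, one backup tool writing to a USB stick.
SAMPLE_EVENTS = [
    Event(4100, "updater.exe", "net_connect", "198.51.100.23"),
    Event(2207, "setup.exe", "reg_write",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(2207, "setup.exe", "file_write", r"E:\payload.exe"),
    Event(3333, "notepad.exe", "file_write", r"C:\Users\alice\notes.txt"),
    Event(5001, "backup.exe", "file_write", r"F:\backup.zip"),
]

if __name__ == "__main__":
    for pid, v in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(f"{pid:5d} {v.process:12s} {v.action.name:5s} {sorted(v.indicators)}")
```

Run as a script it prints one line per flagged process; notepad.exe never appears because nothing it did matched an indicator, which is the point of the approach: there is no signature for notepad.exe to match against either way, only behaviour. The escalation rule is the place a real product would put richer scoring; here it only shows that the verdict is built up across events rather than decided per event.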
Yet Howard said he has seen real change during the past few years: More organizations are moving away from denying that they are under attack; instead they are trying to figure out how they can limit the damage.
Booz Allen Hamilton’s Ling said that although these new companies may be good at what they do, it’s difficult to create a business model around any one aspect of protection, and a chief information security officer may not want to create a mix-and-match solution, because then the risk is assumed by the decision-maker, not the solution provider.
Link: http://www.govtech.com/security/Cyber-Responders-Seek-New-Ways-to-Respond-to-Cyberattacks.html