{"id":2277,"date":"2013-05-02T00:00:00","date_gmt":"2013-05-02T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/02\/cyber-responders-seek-new-ways-to-respond-to-cyberattacks\/"},"modified":"2021-12-30T11:40:59","modified_gmt":"2021-12-30T11:40:59","slug":"cyber-responders-seek-new-ways-to-respond-to-cyberattacks","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/02\/cyber-responders-seek-new-ways-to-respond-to-cyberattacks\/","title":{"rendered":"Cyber-Responders Seek New Ways to Respond to Cyberattacks"},"content":{"rendered":"<p>Last year the South Carolina Department of Revenue found that a hacker had used a \u201cspear-phishing\u201d attack to install at least 33 unique pieces of malicious software and utilities on the department\u2019s servers to steal financial data. In another headline-grabbing security breach a year ago, hackers from Eastern Europe stole the Social Security numbers of as many as 280,000 people from Utah Department of Health databases, an incident that quickly forced state CIO Steve Fletcher\u2019s resignation. 
The Alexandria, Va.-based company is one of a new generation of network threat detection and response companies that have sprung up over the last few years to complement traditional anti-virus and data loss prevention approaches that \u2014 although still necessary \u2014 are inadequate to cope with new types of targeted attacks. Indeed, a post-breach investigation of Chinese hackers\u2019 cyberattack last year on The New York Times\u2019 computer systems uncovered that anti-virus software found only one of the 45 different pieces of malware planted on The Times\u2019 systems during a three-month period.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Local and state government offices that may not see themselves as prime targets for theft of intellectual property or financial information can be used as the weak link to get at financial institutions, Ling said.<\/p>\n<p style=\"margin: 0px;\">The business models of large anti-virus vendors such as Symantec and McAfee incorporate everyone who has a computer, because perimeter defense is an important aspect of protection and is mandated by many federal regulations, including the Health Insurance Portability and Accountability Act (HIPAA).<\/p>\n<p style=\"margin: 0px;\">As with other vendors, FireEye\u2019s starting point is that malware threats evolve so quickly that the traditional protection model is antiquated, explained Phillip Lin, director of product marketing.<\/p>\n<p style=\"margin: 0px;\">\u201cWhen we were working for McAfee, we investigated large breaches such as Aurora,\u201d recalled Dmitri Alperovitch, a CrowdStrike co-founder and former vice president of threat research at McAfee.<\/p>\n<p style=\"margin: 0px;\">Based in Orange County, Calif., CrowdStrike was founded in 2011 by George Kurtz, the former worldwide CTO of McAfee; Alperovitch; and Gregg Marston, who worked as chief financial officer of Foundstone Inc., a cybersecurity forensics firm that Kurtz sold to McAfee.<\/p>\n<p style=\"margin: 0px;\">Mike Maxwell, director of Symantec\u2019s state and local government organization, said anti-virus continues to be an important tool for containing and blocking malware, but other approaches are necessary to complement it. \u201cThis makes it difficult for traditional \u2018signature-only\u2019 anti-virus approaches to keep up with these evolving threats,\u201d he explained in an email response to questions from Government Technology. But it also builds a list of bad stuff such as the application is communicating with a known bad IP address or it is attempting to insert files in other common load points, such as the registry, removable storage or file system, so this may be suspicious activity that would be blocked, logged or alerted based on configured policy.<\/p>\n<p style=\"margin: 0px;\">Yet Howard said he has seen real change during the past few years: More organizations are moving away from denying that they are under attack; instead they are trying to figure out how they can limit the damage.<\/p>\n<p style=\"margin: 0px;\">Booz Allen Hamilton\u2019s Ling said that although these new companies may be good at what they do, it\u2019s difficult to create a business model around any one aspect of protection, and a chief information security officer may not want to create a mix-and-match solution, because then the risk is assumed by the decision-maker, not the solution provider.<\/p>\n<p style=\"margin: 0px;\">Link: <a 
href=\"http:\/\/www.govtech.com\/security\/Cyber-Responders-Seek-New-Ways-to-Respond-to-Cyberattacks.html\">http:\/\/www.govtech.com\/security\/Cyber-Responders-Seek-New-Ways-to-Respond-to-Cyberattacks.html<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2277","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2277"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2277\/revisions"}],"predecessor-version":[{"id":4764,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2277\/revisions\/4764"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}