A recent survey suggests that over half of IT professionals* now recognise the dangers of targeted attacks, but despite this awareness those surveyed are worryingly uncertain of their ability to deal with them.
The problem is the continued overreliance on antivirus (AV) technologies, with a staggering 92%* of those surveyed relying on traditional AV to protect their servers. The temptation to rely on AV is understandable: in an over –worked IT department any set-up-and-go system has appeal. But in an era that is increasingly dominated by the Advanced Persistent Threats, relying on AV is not just complacent it is ill-judged.
However, the good news is that some organisations are now recognising the benefits of File Integrity Monitoring (FIM), with 37% of organisation surveyed claiming to be using it. FIM is proven to radically reduce the risk of security breaches; indeed it is a core recommendation of the PCI DSS and other security standards. It raises an alert related to any change in underlying, core file systems – whether that has been achieved by an inside man or an unwittingly phished employee introducing malware, or some other zero day threat blasting unrecognised through the AV.
To date too many organisations have failed to implement FIM for fear of the additional work load created by a system that flags every single unauthorised change – a fact that says rather too much about the anarchic attitudes towards change management endemic within most organisations. For organisations with robust change management processes, with clearly defined patch windows and no changes made without request and authorisation, implementing and running FIM is a breeze: the only time alerts are flagged are when actual security concerns arise.
Organisations need to safeguard data- the threat is stealthy and targeted. It is time not just to pick the right battle – but to arm the business with the right defences. And the ‘If it’s not broke, don’t fix it’ attitude to traditional AV must be changed if organisations are to fully safeguard against the increasing ranges of threats out there today.
Mark Kedgley, CTO, New Net Technologies
*
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.