Automated malware removal fights fire with fire
By Byron Acohido, ThirdCertainty
Hackers are using automated attacks to systematically breach and methodically plunder corporate networks. Startup Hexis Cyber Solutions supplies technologies designed to leverage automation to match the persistence of the intruders.
ThirdCertainty recently sat down with Hexis President Chris Fedde to discuss how Hexis endeavors to remove clearly malicious programs, in near real time. (Answers edited for clarity and length).
3C: How does automation come into play in defending networks?
Fedde: It’s all about high-confidence removal of threats that are in the network, and doing that at computer speed, without a human in the loop. Automation can enable you to get the threat out of the network before it’s done any damage.
3C: Isn’t that what all network defense technologies seek to do?
Fedde: Everybody’s got the same problem: alerts and alarms everywhere. And every time you put in a new security device, you get more alerts, more alarms. The only way to actually address issues is to let a computer make the determination as to whether something is benign or malicious, or something in the middle. Without that automation, there is no solution. You will always have too many alerts and alarms and ghosts for a person to address.
3C: How does Hexis resolve the complexity?
Fedde: We take advantage of the threat-feed industry. We subscribe to almost 20 different threat feeds that inform us about the known bad actors. We consolidate all that into one threat feed. We send that intelligence to all of the (security) products that our customers are using. So we can tell that in the financial vertical, there are certain kinds of activities going on, and in the health care vertical, there are certain kinds of activities going on.
3C: What recurring patterns do you see?
Fedde: Advanced threats come in, and stay quiet for a while. They just wait until you start ignoring them. Traditional security systems will start to think the anomalous activity is normal and start to ignore it. Once the attackers start believing that you’re comfortable with them in your network, then they start slowly doing other things to compromise your network.
Less sophisticated threats come in and start making a lot of noise right away. They do things fast, they move around, they’re anxious to see what they can do very quickly inside your network.
You really have to watch for those advanced threats over time. All the while, you’ve got all this other churn going on from less sophisticated threats making a lot of noise. An automated system can watch both extremes and clear those out of the alert system.
3C: Sounds like Hexis wants to be the brain for data feeds generated by legacy security systems.
Fedde: We’re additive. This year we are introducing the ability to bring in alerts and alarms from other companies’ products. So you may have FireEye, which is a great product, or a Palo Alto Networks, another great product, both developing alerts and alarms. Somebody’s got to tend to those. So we’re putting those alerts into the automated decision-making process and what comes out of that is action. We are finding and removing threats that we find, and we’re finding and removing threats that other products find.