Automated malware removal fights fire with fire

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Hack­ers are using auto­mat­ed attacks to sys­tem­at­i­cal­ly breach and method­i­cal­ly plun­der cor­po­rate net­works. Start­up Hex­is Cyber Solu­tions sup­plies tech­nolo­gies designed to lever­age automa­tion to match the per­sis­tence of the intruders.

Third­Cer­tain­ty recent­ly sat down with Hex­is Pres­i­dent Chris Fed­de to dis­cuss how Hex­is endeav­ors to remove clear­ly mali­cious pro­grams, in near real time. (Answers edit­ed for clar­i­ty and length).

3C: How does automa­tion come into play in defend­ing networks?

Chris Fedde, Hexis Cyber Solutions president
Chris Fed­de, Hex­is Cyber Solu­tions president

Fed­de: It’s all about high-con­fi­dence removal of threats that are in the net­work, and doing that at com­put­er speed, with­out a human in the loop. Automa­tion can enable you to get the threat out of the net­work before it’s done any damage.

3C: Isn’t that what all net­work defense tech­nolo­gies seek to do?

Fed­de: Everybody’s got the same prob­lem: alerts and alarms every­where. And every time you put in a new secu­ri­ty device, you get more alerts, more alarms. The only way to actu­al­ly address issues is to let a com­put­er make the deter­mi­na­tion as to whether some­thing is benign or mali­cious, or some­thing in the mid­dle. With­out that automa­tion, there is no solu­tion. You will always have too many alerts and alarms and ghosts for a per­son to address.

Secu­ri­ty & Pri­va­cy Week­ly News Roundup: Stay informed of key pat­terns and trends

3C: How does Hex­is resolve the complexity?

Fed­de: We take advan­tage of the threat-feed indus­try. We sub­scribe to almost 20 dif­fer­ent threat feeds that inform us about the known bad actors. We con­sol­i­date all that into one threat feed. We send that intel­li­gence to all of the (secu­ri­ty) prod­ucts that our cus­tomers are using. So we can tell that in the finan­cial ver­ti­cal, there are cer­tain kinds of activ­i­ties going on, and in the health care ver­ti­cal, there are cer­tain kinds of activ­i­ties going on.

3C: What recur­ring pat­terns do you see?

Fed­de: Advanced threats come in, and stay qui­et for a while. They just wait until you start ignor­ing them. Tra­di­tion­al secu­ri­ty sys­tems will start to think the anom­alous activ­i­ty is nor­mal and start to ignore it. Once the attack­ers start believ­ing that you’re com­fort­able with them in your net­work, then they start slow­ly doing oth­er things to com­pro­mise your network.

Less sophis­ti­cat­ed threats come in and start mak­ing a lot of noise right away. They do things fast, they move around, they’re anx­ious to see what they can do very quick­ly inside your network.

You real­ly have to watch for those advanced threats over time. All the while, you’ve got all this oth­er churn going on from less sophis­ti­cat­ed threats mak­ing a lot of noise. An auto­mat­ed sys­tem can watch both extremes and clear those out of the alert system.

3C: Sounds like Hex­is wants to be the brain for data feeds gen­er­at­ed by lega­cy secu­ri­ty sys­tems.

Fed­de: We’re addi­tive. This year we are intro­duc­ing the abil­i­ty to bring in alerts and alarms from oth­er com­pa­nies’ prod­ucts. So you may have Fire­Eye, which is a great prod­uct, or a Palo Alto Net­works, anoth­er great prod­uct, both devel­op­ing alerts and alarms. Somebody’s got to tend to those. So we’re putting those alerts into the auto­mat­ed deci­sion-mak­ing process and what comes out of that is action. We are find­ing and remov­ing threats that we find, and we’re find­ing and remov­ing threats that oth­er prod­ucts find.

More on emerg­ing threats
Cor­po­rate use of cloud apps spikes risk of breaches
Word­Press emerges as a cyber­crime hotbed
Mali­cious ads pose insid­i­ous, elu­sive threat