Risk Management That Embraces Privacy Can Strengthen Security

It is hard to imagine a world in which we didn’t use the Internet at work. 15 years ago, it was a luxury. Today, Internet use at work is mission-critical. We’ve evolved from casually getting online to search for basic information about a company to doing such critical things as accessing webmail, posting to and monitoring social media and transferring and storing files in the cloud.

Unfettered Internet access at work has empowered us to defy geographical and time constraints to communicate with colleagues, vendors and customers located around the globe, develop content and code, and share real-time 24 x 7. It also allows us to shop, gamble, chat with friends, check bank balances and pay bills at work and generally “cyber loaf” on the company network, to the tune of US $178 billion in lost productivity annually, according to U.S. security company Websense. According to IDC, 30 to 40% of Internet access is now spent on non-work related browsing, and 60% of all online purchases are made during working hours.

Declining productivity is not the only fallout of these trends. Employee personal online activity is becoming a major cyber threat vector, with 90% of fully undetected malware now being delivered via web browsing.

The prevalence of smartphones and social media and our evolution into an “always on” society have further blurred the lines between personal and professional lives, bringing our privacy into question and leaving lawmakers dumbfounded as to how to govern personal privacy in light of these changes.

Absent legislation that helps companies navigate this new reality, some companies, in an effort to curb the increasing amount of personal time employees spend online at work, have implemented monitoring systems that leave employees feeling watched and mistrusted, without really solving the problem of protecting the company network.

The good news is that incorporating individual protection into your risk management strategy can actually make your organization MORE secure. By championing employee privacy, you can empower individuals to become personally accountable for their decisions online and engage them in protecting the organization. You can achieve this by separating personal and work assets and providing employees a private portal to conduct their personal online business at work. By isolating personal browsing from the corporate network, employees can surf and communicate freely and securely, while corporate assets are shielded from employee activity.

David Melnick, CEO, WebLife, dave@weblifebalance.com

David will discuss this concept at ISACA’s North America Information Security and Risk Management (North America ISRM) Conference later this month in his presentation titled “Employee Privacy versus Organizational Security.”

[ISACA]

Watch: The Palo Alto Networks-VMware NSX Integration Explained

In this latest of our lightboard sessions, Warby Warburton shows how the seamless integration between VMware NSX and our VM-Series virtualized Next-Generation Firewalls allows you to automate security provisioning, inclusive of firewall services and associated security policies, as a means of segmenting your virtual machines using Zero Trust principles.

Watch below to better understand next-generation security that will keep pace with your virtualized data center:

For more on Palo Alto Networks integration with VMware

For more Palo Alto Networks lightboard videos

[Palo Alto Networks Blog]

The Cybersecurity Canon: Read Rick Howard’s First-Look Review of SPAM Nation by Brian Krebs

The Cybersecurity Canon is official, and you can now see our website here. We modeled it after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have 20 books on the initial candidate list but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!


Book Review: Spam Nation: The Inside Story of Organized Cybercrime from Global Epidemic to Your Front Door (2014) by Brian Krebs

Executive Summary

In Spam Nation, Brian Krebs covers a key portion of our cybersecurity and cyber crime history: 2007–2013, that period when we started to learn about the Russian Business Network, bulletproof-hosting providers, fast-flux obfuscation, criminal best business practices, underground cyber crime forums, and strange-sounding botnet names like Conficker, Rustock, Storm, and Waledac.

This period just happens to coincide with Krebs’s rise in popularity as one of the leading cybersecurity journalists in the industry. His relationship with two competitive pharmaceutical spammers—Pavel Vrublevsky and Dimitry Nechvolod—is a big bag of crazy and is the key storyline throughout the book. The competition between Vrublevsky and Nechvolod escalated into something that Krebs calls the Pharma Wars and Krebs gives us a bird’s-eye view into the details of that escalation that eventually destroyed both men and the industry they helped to create. Krebs’s weird symbiotic relationship with Vrublevsky is worth the read by itself. Spam Nation is definitely a Cybersecurity Canon candidate. It’s just out today, so I won’t say you should have read this by now – but get on it as soon as you can.

Introduction

I have been a fan of Brian Krebs for many years. His blog, Krebs on Security, has been a mainstay of my reading list since he started it in 2010, and even before when he was writing for The Washington Post. Since he struck out on his own, he has carved out a new kind of journalism that many reporters are watching to see how they might duplicate it themselves as journalism transitions from dead-tree printing to new media, and the idea that the author is the brand. Krebs’s beat is cybersecurity, and he is the leading journalistic authority on the underbelly of cyber crime. Spam Nation is a retelling — with more detail and more color — of some of the stories he covered from 2007 until about 2013 on a very specific sub-element of the cyber crime industry called pharmaceutical spam.

Many security practitioners will hear the phrase “pharmaceutical spam” and immediately start to nod off. Of all the problems they encounter on a daily basis, pharmaceutical spam is pretty low on the priority list. While that may be true, this subset of cyber crime is responsible for starting and maturing many of the trappings that we associate with cyber crime in general: botnet engines, fast-flux obfuscation, spamming, underground forums, cyber crime markets, good service as a distinguisher of criminal support services, and bulletproof-hosting providers.

The Story

The story really begins with Krebs’s weird symbiotic relationship with Vrublevsky (a.k.a. RedEye and Despduck). Vrublevsky was a Russian businessman, and cofounder and former CEO of ChronoPay, the infamous credit card processing company that initially got started in the rogue anti-virus industry. I think it is safe to say that in his heyday, Vrublevsky was a bit of an extrovert. He followed Krebs’s blog religiously and would instigate long conversations with Krebs on stories that were fantastical, true, and everything in between. Vrublevsky would feed Krebs half-truths about what was going on in the industry and leave it to Krebs to sort it out. Vrublevsky’s downfall was his deteriorating relationship with his former partner, Dimitry Nechvolod (a.k.a. Gugle).

Vrublevsky and Nechvolod founded ChronoPay together in 2003, but by 2006, Nechvolod had left the company to pursue his own interests. He started two pharmacy spam operations called GlavMed and SpamIT. Because of the competition between these two men, the situation escalated out of control, to something that Krebs calls the Pharma Wars, which ultimately scuttled the entire pharmaceutical spam industry, not just Vrublevsky and Nechvolod’s operations, but everybody else’s, too.

Krebs’s main sources of information for this book came from leaked customer and operational databases from these two men. Although Vrublevsky and Nechvolod never admitted it, they both stole the other’s data and leaked it to Krebs. Krebs had many conversations with both Vrublevsky and Nechvolod about their side of the story, and Krebs even traveled to Moscow to interview Vrublevsky personally. From these conversations and other research done by Krebs, we get an inside view of how cyber crime operates in the real world.

Krebs set himself seven research questions:

  • Who is buying the stuff advertised in spam and why?
  • Are the drugs real or fake?
  • Who profits?
  • Why does the legitimate pharmaceutical industry seem powerless to stop it?
  • Why is it easy to pay for the drugs with credit cards?
  • Do customers have their credit card accounts hacked after buying?
  • What can consumers, policy makers, and law enforcement do [about this cybercrime]?

For the most part, he answers all these questions in the book. I will not spill the answers here, but I will tell you that I was surprised by every single one. I thought I knew this stuff, but Krebs provides the insight and research to make you re-evaluate what you think you know about illegal pharmaceutical spam operations.

Spam Nation is about the Brian Krebs story, too. Traditional journalists reading this book are going to hate the fact that he plays a key role in most everything that he talks about in this book, but it seems inevitable given that Krebs is himself a journalistic brand now. His original reporting on bulletproof-hosting providers operating in the US and elsewhere — the Russian Business Network (RBN), Atrivo, and McColo — became the catalyst that eventually got them shut down. This got him noticed by Vrublevsky and started that weird relationship that ultimately led to Krebs receiving the databases from Vrublevsky and Nechvolod. It also led him to leave The Washington Post and to start Krebs on Security.

In the background, Krebs introduces us to the key players involved in the development and operations of some of the most infamous botnets that have hit the Internet community in recent history:

  • Conficker worm (author: Severa; infected 9-15 million computers)
  • Cutwail botnet (authors: Dimitry Nechvolod (Gugle) and Igor Vishnevsky; 125,000 infected computers; spewed 16 billion spam messages a day)
  • Grum botnet (author: GeRA; spewed 18 billion e-mails a day)
  • Festi botnet (operators: Artimovich brothers; delivered one-third of the total amount of worldwide spam)
  • Rustock botnet (author: COSMA; infected 150,000 PCs; spewed 30 billion spam messages a day)
  • Storm botnet (author: Severa)
  • Waledac botnet (author: Severa; spewed 1.5 billion junk e-mails a day)

From my reading, Krebs’s unintentional hero of his story is Microsoft. While Vrublevsky and Nechvolod were tearing each other apart and Krebs was trying to sift through what was true and what was not, Microsoft and other commercial, academic, and government organizations were quietly dismantling the infrastructure that these and other illicit operations depended on:

  • June 2009: 15,000 illicit websites go dark at 3FN after the Federal Trade Commission convinced a northern California judge that 3FN was a black-hat service provider. NASA did the forensics work.
  • November 2009: FireEye takes down the Mega-D botnet.
  • January 2010: Neustar takes control of the Lethic spam botnet.
  • March 2010: Microsoft takes down the Waledac botnet.
  • October 2010: Armenian authorities take down the Bredolab botnet.
  • March 2011: Microsoft takes down the Rustock botnet.
  • July 2011: Microsoft offers a $250,000 reward for information leading to the arrest and conviction of the Rustock botmaster.
  • July 2012: FireEye and Spamhaus take down the Grum botnet.
  • July 2013: Microsoft and the FBI take down 1,400 botnets using the Citadel malware to control infected PCs.
  • December 2013: Microsoft and the FBI take down the ZeroAccess botnet.
  • June 2014: The FBI takes down the Gameover Zeus botnet.

One takedown masterstroke came out of academia. George Mason University, the International Computer Science Institute, the University of California, San Diego, and Microsoft determined that 95 percent of all spam credit card processing was handled by three financial firms: one in Azerbaijan, one in Denmark, and one in Nevis (West Indies). They also pointed out that these financial firms were in violation of Visa’s own Global Brand Protection Program contract that required fines of $25,000 for transactions supporting the sale of Viagra, Cialis, and Levitra. Once Visa started levying fines, the financial firms stopped processing the transactions. The beauty of this takedown was that this was not a legal maneuver through the courts and law enforcement. It merely encouraged Visa to follow its own policy.

Cyber Crime Business Operations

For me, one of the most enjoyable parts of Spam Nation is the insight on how these criminal organizations operate. For example, Krebs highlights why pharmaceutical operations have great customer support: they want to avoid the penalty fees associated with a transaction when a buyer of illicit pills charges them with fraud. These are called chargebacks, and pharmaceutical customer support operations avoid them like the plague. These support operations require teams of software developers and technical support staff to be available 24/7.

Pharmaceutical operations have mature anti-fraud measures — equivalent to any legitimate bank’s anti-fraud measures — because they need to keep law enforcement and security researchers out of their business.

Most spammers do not make a lot of money. The top five do, but not everybody else. Krebs points out that it takes a multibillion-dollar security industry to defend against a collection of criminals who do this to make a living wage.

In terms of botnet management, operators rent out top-earning botnets to other operators who do not have the skill to build a botnet themselves. Renters purchase installs and seed a prearranged number of bots with an additional malicious program that sends spam for the affiliate. They pay the rent by diverting a portion of their commissions on each pill sale from spam. Sometimes, that commission is as high as 50 percent. That is why the small-timers do not make any money.

Operators launder their money in a process called factoring. They map their client transactions into accounts on behalf of previously established shell companies. They tell the banks that the shell companies are the true customers. Then the operators pay the clients out of their own pockets.

Russian law allows FSB agents (Federal Security Service, the successor to the Soviet Union’s KGB), while remaining in the service, to be assigned to work at enterprises and organizations with the consent of their directors. Twenty percent of FSB officers are engaged in this protection business, called “Krusha” in Russian, which means “roof,” and pharmaceutical spam operations use them as much as possible.

Partnerships, called partnerkas, between spammers and dodgy advertisers that act as an intermediary for potential sponsors are essential. In this way, sponsors keep their distance from the illicit aspects of the spam business and can unplug from one partnerka in favor of another whenever they want. Some refer to this as organized crime (think The Godfather), but it is more like a loosely affiliated network of independent operators.

With all of these best business practices, you can see why the operators do not see themselves as criminals. They are just businesspeople trying to run a business.

The Tech

Cyber crime runs on technology. In the pharmaceutical spam business, some tech is unique, and other tech is shared with other kinds of cyber crime operations. Unique to pharmaceutical spam is a technique called black search engine optimization (Black SEO). Pharmaceutical spammers hack legitimate websites and insert hidden pages (IFrames) loaded with links to pharmaceutical websites. The more of those links the common search engines like Google and Bing index, the higher the pharmaceutical sites rank when normal users search for pills online.
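A site-owner’s check for the hidden-iframe injection described above, added here as an example and not code from the review or from Spam Nation: it parses a page with Python’s standard-library HTML parser and reports iframes and off-site links that sit inside a region a visitor cannot see. The sample page, its host name and the link targets are constructed for the example.

```python
"""Find hidden iframes and hidden off-site links in a page's HTML.

Added example for the "Black SEO" injection described in the review; it is
not code from the review or from Spam Nation. Site owners can run it over
their own pages to spot injected link farms that visitors never see.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that make an element invisible or push it off-screen.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?:left|top)\s*:\s*-\d{3,}px"
    r"|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)

# Elements that never have a closing tag, so they must not be pushed on the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "param", "source", "track", "wbr"}


def is_hidden(attrs):
    """True if the tag's own attributes hide it from a human visitor."""
    a = {name: (value or "") for name, value in attrs}
    if "hidden" in a:                      # HTML5 boolean attribute
        return True
    if HIDDEN_STYLE.search(a.get("style", "")):
        return True
    # Zero-sized frames are invisible even without CSS.
    return a.get("width", "").strip() == "0" or a.get("height", "").strip() == "0"


class HiddenLinkScanner(HTMLParser):
    """Walk the document, tracking which open elements are hidden, and record
    iframes and off-site <a href> targets that sit inside a hidden region."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []      # (tag, hidden) for every currently open element
        self.findings = []   # one dict per suspicious iframe or link

    def _in_hidden_region(self):
        return any(hidden for _, hidden in self.stack)

    def _is_offsite(self, href):
        host = urlparse(href).netloc.lower()
        if not host:                       # relative link: same site
            return False
        return host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        # An element is hidden if it hides itself or any ancestor is hidden.
        hidden = is_hidden(attrs) or self._in_hidden_region()
        a = {name: (value or "") for name, value in attrs}
        line, _ = self.getpos()
        if tag == "iframe" and hidden:
            self.findings.append({"kind": "hidden_iframe", "url": a.get("src", ""), "line": line})
        elif tag == "a" and hidden and self._is_offsite(a.get("href", "")):
            self.findings.append({"kind": "hidden_offsite_link", "url": a["href"], "line": line})
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates the sloppy markup
        # that injected link blocks are often dropped into.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                return


def scan_html(html, site_host):
    """Return the list of hidden iframes / hidden off-site links in `html`."""
    scanner = HiddenLinkScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a legitimate page with an injected off-screen link block
# and a zero-sized iframe. The hosts are placeholders, not real sites.
SAMPLE_HTML = """<html><body>
<h1>Garden club newsletter</h1>
<p>See our <a href="/events">events</a> and our
<a href="https://partner.example.org/seeds">seed supplier</a>.</p>
<div style="position:absolute; left:-9999px; top:-9999px">
  <a href="http://pills.invalid/buy">cheap pills</a>
  <a href="http://pills.invalid/more">more pills</a>
</div>
<iframe src="http://pills.invalid/frame" width="0" height="0"></iframe>
<iframe src="https://video.example.org/embed/42" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML, "gardenclub.example"):
        print(f"line {f['line']}: {f['kind']} -> {f['url']}")
```

The visible partner link and the normally sized video iframe are not reported; only the off-screen block and the zero-sized frame are.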

Also unique to the pharmaceutical spam business is a good spam ecosystem. It must have the ability to keep track of how many e-mails the system delivered and how many recipients clicked the link. It must scrub e-mail addresses that are no longer active or are obvious decoys and harvest new e-mail addresses for future operations.

Not unique to pharmaceutical spam are the forums. Forums are the glue that allows the loosely affiliated network of independent operators to communicate with each other. Forums are a place that allows newbies an opportunity to establish a reputation and lowers the barriers to entry for a life of cyber crime. There are forums for every language, but most are in English. Members enforce a strict code of ethics so that members who are caught cheating other members are quickly banned. Social networking rankings give members a way to evaluate potential partners. A single negative post may cost an individual thousands of dollars. Because of that, most amicably resolve issues. Sometimes newbies get labeled as a “deer,” a member who unintentionally breaks one of the forum’s rules. More serious infractions might find a member in the blacklist subforum defending himself or herself from fraud allegations.

New forums start all the time, but some have been in existence for more than a decade, indicating process maturity for self-policing, networking, and rapid information sharing. New forums allow open registration, but mature forums set up various hurdles for membership that are designed to screen out law enforcement and hangers-on. Most have sub-rooms for specialization such as the following:

  • Spam
  • Cyber banking fraud
  • Bank account cash-out schemes
  • Malicious software development
  • ID theft
  • Credit card fraud
  • Confidence scams
  • Black SEO

Forums have many members (tens of thousands in some), but they exist to make money for the administrators. Admins offer additional services to improve the user experience. They offer escrow services — a small percentage of the transaction cost held until both sides agree that the other held up its end of the bargain — and stickies — ads that stay at the top of their sub-forums that range in price from $100 to $1,000 per month.

Conclusion

In Spam Nation, Brian Krebs covers a key portion of our cyber security and cyber crime history: 2007–2013, that period when we started to learn about the Russian Business Network, bulletproof-hosting providers, fast-flux obfuscation, criminal best business practices, underground cyber crime forums, and strange-sounding botnet names like Conficker, Cutwail, Grum, Festi, Rustock, Storm, and Waledac. This period just happens to coincide with Krebs’s rise in popularity as one of the leading cybersecurity journalists in the industry. His story, and the story of two competitive pharmaceutical spammers who eventually destroyed the lucrative moneymaking scheme for all players, is a fascinating read. It is definitely a Cybersecurity Canon candidate.

[Palo Alto Networks Blog]

Tracking the WireLurker Arrests

Well that was fast.

Not quite ten days after we released our white paper on WireLurker, arrests have already been made in China. WireLurker is a new family of malware specifically targeting iOS devices via USB. There is WireLurker malware for both Mac OS X and Microsoft Windows operating systems.

WireLurker works by looking for any iOS device connected via USB to an infected OS X or Windows computer. When it detects one, it installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”.

On November 14, the Beijing Municipal Public Security Bureau announced it had arrested three people in connection with the WireLurker malware. The police received a tip from the Chinese technology company Qihoo 360 and subsequently arrested three individuals, respectively surnamed Chen, Li, and Wang. The third-party app store that had been serving WireLurker, Maiyadi, was also shut down.

The police have not released the suspects’ full names, but several Chinese sources are reporting two of them may be the founders of Maiyadi, Chen Peng and Wang Jian. The third is likely the “Li Fei” whose name appears in the Windows WireLurker code, and who had a certificate from Apple used in the iOS version. As noted in an earlier WireLurker blog, these details support the technical analysis that indicated a likely tie between Maiyadi and the malware.

It is not known if the developer previously tracked down and accused of being tied to WireLurker is among those arrested, or whether his claim of innocence is founded. Of note, the Chinese-language forum that originally publicized that developer’s information was served with legal paperwork and deleted the respective content. Interestingly, when sending the paperwork, the lawyer CC’d a Maiyadi email account for Chen Peng, one of the individuals who may have been arrested. A screenshot of the removal request from the lawyer is below. The two highlighted characters in the CC’d line are Chen Peng.

Figure 1. Removal letter from a lawyer sent to the Chinese-language forum that initially published a possible WireLurker-related developer’s personal information. The characters highlighted in blue on the CC’d line are Chen Peng, a Maiyadi founder possibly among those arrested last week for WireLurker.

We will continue to monitor for WireLurker-related activities and make updates here as appropriate.

[Palo Alto Networks Blog]

Palo Alto Networks Says Its New Endpoint Protection Tool Can Stop The Bad Stuff In Its Tracks

The problem with signature based security tools is you are vulnerable until the signature is released and distributed. Palo Alto Networks takes a different approach with Traps, so Network World Editor in Chief John Dix tracked down Palo Alto VP of Product Marketing Scott Gainey for an inside look at how Traps works.

Palo Alto Networks VP of Product Marketing Scott Gainey

You recently unveiled a new endpoint protection product called Traps. Tell us what that’s about.

If I’m outside of my corporate network operating on an unsecured Wi-Fi network my system is at risk. A simple drive-by-download of embedded malicious content in, say, an iFrame could easily bypass existing anti-virus software, leaving nothing that could protect me from being infected. This is one of many examples that leave endpoints vulnerable. So a complete security architecture has to be able to protect its users regardless of where they may be working, whether they’re on-network or off-network, and that’s one use case that led us down this path of investing in endpoint protection.

Another one is that we see a lot of highly targeted attacks that are utilizing a threat that’s never been seen before and has been designed in such a way that it’s able to evade detection at the network security level. It could be based on a new zero-day vulnerability the attacker will use against a high-value target. Because this is based on an unknown vulnerability it’s missed by IPS/IDS. Our approach is effective at learning from these new attacks and routing new defenses back to the infrastructure so if that type of threat is used again it will be blocked. But if the attacker only uses it once then other areas of defense must kick in to protect an organization.

So those use cases are why we made the investment in Cyvera, and the release of Traps is our first official release of this technology and includes some integration into WildFire, which is our sandboxing technology.

The classic endpoint protection companies that offer antivirus-based protection rely on signatures for defense, which requires prior knowledge of the threat in order to block it. So these vendors have large teams of people who are constantly churning out signatures based on new threats they observe in the wild.

The challenge we saw with that approach is you’re always several steps behind the attacker community. There’s literally millions of forms of new malware that get generated each year. On a daily basis we see an average of over 20,000 new forms of malware. So companies with AV-based solutions have to build signatures against all of those new forms, then distribute those signatures out to all the endpoints. It’s an impossible situation to stay on top of.

Similarly, technologies like discrete intrusion prevention or intrusion detection systems require prior knowledge to protect against vulnerabilities. So if it’s an unknown zero-day based vulnerability, IPS or IDS isn’t as effective. It can only block what it knows.

So when we were looking at making an investment we spent a lot of time in our due diligence looking at the approaches that others use. There are a lot of companies jockeying for the space, knowing the traditional approaches are ineffective.

And we saw two common approaches we didn’t like as far as the new technology goes. The first was container-based tools that are basically designed to wrap a protective barrier around processes so if the process turns out to be malicious in nature the container detects it and shuts it down. But a lot of attackers have figured out how to disable those containers, and they impose a significant amount of resource overhead. So from an efficacy and operational perspective it wasn’t a very viable option.

Then the other approach that concerned us was tools focused on post-attack detection or remediation. You would deploy those to try and identify and isolate systems that were affected and then begin the cleanup process. If people are investing in that as their answer to highly targeted attacks, then they’re effectively waving a white flag, saying I can’t prevent these attacks so I might as well invest money in trying to at least detect them quickly.

We vehemently disagree with that premise. We do think that attacks, no matter how sophisticated, can be prevented. There is no silver bullet in this battle but network security will absolutely continue to play a big role in preventing attacks. But there are some holes that you have to shore up and that’s why we brought Traps to market.

Traps is a technology that, thus far, with the trials that we’ve done with different customers, has proven to be 100% effective against even the most highly targeted, zero-day based attacks.

How does it work?

What we liked about the technology is it’s not focused on the individual threat. Traps really doesn’t care whether it’s known or unknown malware. Traps doesn’t really care about the vulnerability itself. What Traps focuses on is the underlying techniques that an attacker must execute in order to exploit a vulnerability on an endpoint.

Let’s say an attacker found some sort of weakness in a piece of software and intended to use that to exploit the system. The attacker would have to go through a series of well-defined steps to make that happen. It may be three steps, it may be five steps. It depends on the nature of the exploit, but they would have to go through a sequence of steps. With Traps, what we’ve done is built a series of blocks against each and every one of those available techniques so the second an attacker tries to employ one they run into a block and their attack is thwarted and the process is shut down. Today there are around two dozen techniques at an attacker’s disposal.

So let’s say there was a weakness in an Adobe PDF file and someone has initiated an exploit to try and take advantage of that weakness. As they go through the steps of that exploit, they would run into one of our exploit prevention modules within Traps and, as soon as they do, our product will shut down that process and alert the user that an attack was prevented and then also alert the admin. Then we collect a package of forensics, including memory state, etc., and provide it to the admin so they know the details of the attack, what user they were going after, what file they were using, etc.

And it is client based?

Right. Traps is a very thin client that lives on the endpoint itself. One of our criteria was this couldn’t be some big, heavy, resource-intensive type of technology. It literally consumes only 5MB of memory and about a tenth of one percent on average of CPU utilization. And it basically sits on that endpoint and anytime a new process is opened we inject what we call prevention modules into that process. So the second an attacker tries to utilize one of these known techniques they will run into one of our prevention modules and the attack is prevented.

How can you possibly account for all the different approaches that a vulnerability exploit would attempt?

Right now there are a total of 24 techniques that attackers have at their disposal to try and exploit a system, so we have that covered. These techniques are pretty hard science. It’s rare if you see two or three new techniques emerge within a year’s period of time. In fact, in the release that we announced we added three new prevention modules against three new techniques that emerged and those are the first techniques that we’ve seen in two years.

The vast majority of the techniques come out of academia. Someone in academia will be studying different processes, then publish a paper and attackers get a hold of that and, voila, they’ve got a new technique at their disposal. So we’ve been working very closely with academia to make sure that, as these things are being researched, we’re also building prevention modules against them so that when they publish their paper we also have modules built against those new techniques.

I suspect it will probably be another eight to twelve months or so before we see another one of these techniques emerge. They don’t happen that often.

I presume the tool is operating system dependent.

Correct. We support Windows XP, Windows 7 and Windows 8 on the workstation side, and on the server side it’s Windows Server 2003, 2008 and 2012. It sits well below the application stack so it’s independent of the applications themselves. So we support any kind of application that works on top of a Microsoft Windows environment.

In fact, I was talking to an oil and gas company and, while the prevention characteristics of this are very enticing, this guy was excited about the fact we support XP because he had tens of thousands of systems that were still running Windows XP and Microsoft isn’t patching XP anymore. So he was looking at this as a way to extend the lifespan of his Windows XP systems, which is a nice aftereffect. We’re seeing Windows in ATMs, point-of-sale systems, etc.

So that’s the exploit side, what about malware-based attacks?

Right. On the malware side it works similarly, only we’ve added a couple of other steps. When it comes to malware-based attacks the process is slightly different. Malware of course doesn’t require a vulnerability exploit in order to run on an endpoint. Often it’s our employees who initiate this process by opening a malicious file attachment in email, clicking on a link that takes that person to a malicious URL or domain, downloading a malicious file from a USB stick, etc.

Traps malware prevention is accomplished in three steps. First, Traps allows admins to create a series of policies on the endpoint that significantly limits the risk of employees inadvertently downloading malware. These are simple policies like – do not allow a user to execute a .exe file sent over email, or from a removable storage device. By establishing the correct policies up front an organization can reduce the options available for an attacker to get malware to an endpoint.

Second, Traps integrates with WildFire to provide an immediate vehicle to verify whether a file is known to be malicious. Every day WildFire inspects millions of files for new forms of malware. This intelligence is made available to Traps so it can verify whether a particular executable is malicious before allowing it to run on an endpoint. And finally, Traps utilizes malware prevention modules on the endpoint to ensure that the malware never executes.

Are competitors doing anything similar?

The only other company who’s kind of taken this approach is Microsoft themselves. There’s a project that Microsoft had been playing with called EMET and they’re the only ones really today that are focused on a technique-based approach. Microsoft has chosen not to productize EMET, but it’s kind of a skunkworks project, if you will. So really only us and Microsoft are the two that are looking at this from a techniques basis. And the EMET project only supports seven exploit techniques today.

What percentage of the problem do you think this addresses? After all, there’s environments other than Windows and there’s the whole mobility threat. How do you add that up?

Today Traps is focused on Windows-based support which constitutes the majority of endpoints. We plan to expand support in the future based on customer needs.

How do you sell this?

It is sold as a subscription service. So you can buy Traps as a one, three or five-year subscription and, as I mentioned, there is a thin client you have to deploy. It can be deployed through a company’s standard distribution software.

So a per-device fee?

Right now we have two price points, one for workstation and one for server. Then it’s on a tiered structure, with different price bands depending on the total number of deployed endpoints.

One more thing I want to mention. You’ll see us referring to Advanced Endpoint Protection, which we’re defining differently than how others might define endpoint protection today. Many definitions largely align with classic anti-virus capabilities. We think to qualify as an Advanced Endpoint Protection solution you have to be able to block all exploits, whether they’re known or unknown. You have to be able to block all malware, both known and unknown. Forensics remains crucial because there’s knowledge and insight that can be gained to protect the rest of the organization. It has to be very scalable and lightweight. If you’re deploying hundreds of thousands of these clients across endpoints as small as a point-of-sale system, this can’t be a big memory and CPU hog.

And finally, it has to be integrated with the cloud and the network. These worlds are going to collide in a very big way. If you can link the network with the endpoint and the endpoint with the network, there is a tremendous advantage across both fronts when it comes to ultimately bolstering security efficacy. They’re going to see things inherently the others can’t see, and if you can bring that together in terms of some type of sharing relationship, then everything becomes strong together.

John Dix, Editor in Chief

Dix helped launch Network World in 1986 after chronicling developments in networking and distributed processing first at IDC (1980-1984), then at Computerworld (1985-1986).

[NetWorkWorld]
