March 27, 2013, 10:48 AM — Security threats abound in the enterprise. Today's IT security professionals must worry about malware, spyware, hackers, DDoS attacks, hijacked USB drives, spies, cyberwar and other vulnerabilities too numerous to mention.
Fortunately, technological innovations are emerging to help block these types of attacks. Companies such as Seclore, for example, offer services that are designed not just to protect the delivery of documents outside an organization but also to control how long someone has access to those documents. With new kill-chain tactics, meanwhile, a start-up such as CrowdStrike says it can not only determine the nature of a new attack but also develop a profile of the attacker.
These innovations, along with four others described below, might be the answer to a common dilemma: relying too long on the standard security techniques that a large company installed long ago.
Seclore: Controlling When, How Information Can Be Accessed
Security inside an organization is one thing. Protecting documents and files in the perimeter that's outside the firewall is a greater challenge. Enter information rights management, also known as enterprise rights management; this typically uses encryption, rights policies, full auditing and other security tools to protect sensitive information. IRM tools such as Seclore protect "who, what and when" policies for documents. One critical Seclore feature: IT can also control how long a document is in the hands of someone outside the company. Daimler, Panasonic and Fugro use the service.
TaaSERA: Analyzing Communication Patterns of Malware
It takes more than a clever product name to block malware attacks. TaaSERA does have a clever name (it means Trust as a Service), but the inner workings of the detection engine should appeal to CSOs everywhere. The analyzer is what you might call "zero minute" detection; it looks for trace signs of a new malware agent, such as the tell-tale signs of infection. The service goes beyond the signature-based security tools that block known viruses, though, using a "correlated sequence of inbound exploits, binary downloads, command and control communication and outbound scans" to diagnose malware attacks.
CrowdStrike: Introducing Kill-Chain Tactics
In any war, it's important to know your enemy. While CrowdStrike remains in private beta and will debut this fall, the cloud provider uses a novel approach. The idea is to go on the offensive: The firm's technology analyzes the attacker and develops a model based on what an attacker is trying to do and the tools it is using. This tactic, known as a kill-chain, helps a company strategize about and defend against a known attacker. It can also turn the tables on an attacker by first pinpointing its identity and intent and then "creating doubt and confusion" that ties up resources and denies it access to the information it wants.
Trusteer Apex: Behavioral Whitelisting
In addition to the kill-chain tactic, in which you learn about the attacker and the exploits he uses, another emerging tactic has to do with checking for application vulnerabilities. Many companies spend most of their efforts on signature-based protection and zero-day patches. Trusteer Apex takes a novel approach because it analyzes what an application is doing, and why it's doing it, to determine if it's exposed to threats and block those gaps. If there is an attack, Apex also blocks the malware from communicating back to the Internet.
Veracode: Vendor Application Security Testing
Last year, analyst firm Quocirca found that 65% of the applications at large companies are from third-party vendors. While enforcing security policies for internal apps is more of a known quantity, compliance with vendors is not as controllable. Veracode VAST is a tool for verification and validation of security compliance for third-party vendors. The reporting tools do not access code directly, but they do analyze behaviors that could pose a potential threat. From there, VAST verifies whether a vendor's app meets an enterprise's security policies.
Seculert: Big Data Analytics of All Security Activity
Getting the big picture on a massive data store is next to impossible. Big data analytics company Seculert uses the Hadoop programming framework and Amazon Web Services to analyze data stores for threats. This makes for quick, inexpensive deployment. Data is ingested in massive quantities and analyzed by botnets in the cloud, using techniques such as honeypots and crawlers. If an infection occurs at one organization, Seculert can alert companies that might also be in danger.
John Brandon is a former IT manager at a Fortune 100 company who now writes about technology. He has written more than 2,500 articles in the past 10 years. You can follow him on Twitter @jmbrandonbb.