InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity Jan 2010
Tech Trend
Blended Threats and Countermeasures: A Brief Look

Blended, sophisticated and complex threats are emerging as a major challenge to the IT heads of almost all organizations, irrespective of size. In this article the author briefly discusses the nature of blended attacks and a few preventive measures.

A threat which involves a combination of attack techniques is termed a “Blended Threat”. For example, a phishing email asking users to update their account information could not only capture the user’s credentials, but the phishing website may also contain malicious code which, when downloaded onto the user’s PC via a drive-by download or an installable file, turns the user’s PC into a Zombie. This Zombie could then be used to launch “DDOS” attacks across networks or could act as a “Spam relay” for relaying further spam messages.

Often small enterprises put an emphasis on having reputed Anti-Virus and Anti-Spyware software on all desktops and feel that their users are then safe. In fact I have seen the Information Security Policies of many organizations still mandating simply having Anti-Virus / Anti-Spyware on all computing platforms. Although these solutions are good enough for preventing viruses, spyware and worms, they may not be effective in tackling blended threats.

In most enterprises, employees access various applications via port 80 and port 443, and these ports are explicitly allowed through the network. What if malicious code (say a key-logger) is flowing through this pipe disguised as a genuine file transfer? In such situations a plain-vanilla AV / Anti-Spyware solution may not help, even if it was updated recently.
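The situation described above is exactly what a content-inspecting gateway is meant to catch: the port is allowed, the transfer looks ordinary, but the payload is not what the server claims it is. The following Python example is added here to illustrate that check; it is not code from the article or from any product. It compares the Content-Type an HTTP response declares against the first bytes of the body (the file's "magic" signature), so a Windows executable served as image/jpeg is flagged even though the connection itself is legitimate. The signature table and the sample responses are constructed for the example.

```python
"""
Added illustration: a minimal content-vs-declaration check of the kind a
DPI-capable gateway applies to HTTP bodies on port 80/443. Not the article's
code; the signature table below is constructed from public format specs.
"""
from dataclasses import dataclass

# File signatures ("magic bytes") for a few common types (constructed, small table).
MAGIC = {
    b"MZ": "application/x-msdownload",        # DOS/Windows PE executable
    b"\x7fELF": "application/x-executable",   # ELF binary
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"%PDF": "application/pdf",
    b"PK\x03\x04": "application/zip",
}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-executable"}
UNKNOWN = "application/octet-stream"


@dataclass
class Verdict:
    declared: str   # Content-Type the server sent (media type only)
    detected: str   # type inferred from the body's leading bytes
    allow: bool
    reason: str


def sniff_type(body: bytes) -> str:
    """Return the media type implied by the body's signature, or UNKNOWN."""
    for magic, mime in MAGIC.items():
        if body.startswith(magic):
            return mime
    return UNKNOWN


def inspect_response(headers: dict, body: bytes) -> Verdict:
    """Decide whether a response body is consistent with its declared type."""
    declared = headers.get("Content-Type", "").split(";")[0].strip().lower()
    detected = sniff_type(body)

    if detected in EXECUTABLE_TYPES:
        if declared != detected:
            # The key-logger-as-image case from the text: block outright.
            return Verdict(declared, detected, False,
                           f"executable disguised as {declared or 'unknown'}")
        # Honestly declared executable: pass it on to AV scanning rather than the user.
        return Verdict(declared, detected, True, "executable declared honestly; hand to AV scanner")

    if detected != UNKNOWN and declared and declared != detected:
        # Any other recognised type served under a false label is also suspicious.
        return Verdict(declared, detected, False, f"{detected} served as {declared}")

    return Verdict(declared, detected, True, "content consistent with declared type")


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = [
        ({"Content-Type": "image/jpeg"}, b"MZ\x90\x00" + b"\x00" * 60),          # PE served as a JPEG
        ({"Content-Type": "image/jpeg"}, b"\xff\xd8\xff\xe0" + b"\x00" * 16),   # genuine JPEG header
        ({"Content-Type": "application/pdf"}, b"%PDF-1.4\n"),                    # genuine PDF header
        ({"Content-Type": "text/plain"}, b"PK\x03\x04" + b"\x00" * 26),          # ZIP served as text
    ]
    for hdrs, body in samples:
        v = inspect_response(hdrs, body)
        print(f"{'ALLOW' if v.allow else 'BLOCK':5} declared={v.declared:16} detected={v.detected:26} {v.reason}")
```

A real gateway keeps a far larger signature table and also inspects inside archives and compressed streams, but the decision structure is the same: trust the bytes, not the label.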

Approach to counter blended threats (Integration of People-Processes & Technology)

There is nothing like Defense-In-Depth. I would recommend the following to contain blended threats:

  1. Educate users on viruses and their adverse impact on the users' computing platforms. They need to be educated continuously via an Information Security Portal, online quizzes, notice boards, etc.

  2. Set up best-practice processes in the form of practically implementable security policies and procedures, with enforcement of and compliance with those policies, and develop an Information Risk Management Framework so as to continuously assess risks to your computing platforms.

  3. Deploy a stateful firewall with the DPI (Deep Packet Inspection) feature enabled.

  4. Deploy a NIPS (Network Intrusion Prevention System) to block malicious code in real time.

  5. Install good End Point Security software which has the capability to counter spyware, viruses, adware, etc.

  6. The organization should have “Secure Gateway” products to prevent potentially malicious websites / contents / URLs from being accessed.

New flavor

1. SaaS: Software as a Service (Cloud Based approach)

A new kid on the block, where the entire infrastructure is hosted in the cloud. You just have to point your web gateway at the nearest cloud server, which is then supposed to ensure that malicious code is kept out of your network.

Some of the advantages of this model are:

a) Best suited for distributed environment

b) Cost saving as there is no capital expenditure

Disadvantage:

a) Security of your information

2. Reputation Based Model

In the recent past, some approaches in the form of a “Secure Web Gateway”, delivered either captive (on premise) or as a Managed Security Service (MSS), have come up in which these providers stress a new, reputation-based approach to tackling blended threats.

They take into consideration IP reputation, domain name reputation, hosting-country reputation, etc., and on that basis allow or disallow the content. This approach has also become popular nowadays, alongside the traditional methods discussed above.
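As an added illustration of the reputation-based decision just described (not code from the article or from any gateway vendor), the Python below scores a web request on the three signals named in the text: destination IP reputation, domain reputation and hosting-country reputation. The reputation tables are constructed sample data using documentation IP ranges and placeholder country codes, not real intelligence feeds; the threshold and the "weakest signal wins" rule are design assumptions of this example.

```python
"""
Added illustration: a toy reputation-based allow/deny decision of the kind a
Secure Web Gateway makes. Not the article's code; all feeds below are
constructed sample data.
"""
from dataclasses import dataclass, field
import ipaddress

# Constructed sample feeds. Scores run 0 (known bad) to 100 (trusted).
IP_REPUTATION = {
    ipaddress.ip_network("203.0.113.0/24"): 5,    # TEST-NET-3, stands in for a botnet range
    ipaddress.ip_network("198.51.100.0/24"): 80,  # TEST-NET-2, stands in for a CDN range
}
DOMAIN_REPUTATION = {
    "example.com": 90,
    "login-update.example.net": 10,   # constructed phishing-style host name
}
COUNTRY_REPUTATION = {"XA": 95, "XB": 30}   # user-assigned ISO codes as placeholders
DEFAULT_SCORE = 50                          # assumption: unknown indicators are neutral
BLOCK_THRESHOLD = 40                        # assumption: anything below this is blocked


@dataclass
class Request:
    domain: str
    ip: str
    country: str


@dataclass
class Decision:
    allow: bool
    score: int
    reasons: list = field(default_factory=list)


def domain_score(domain: str) -> int:
    """Walk from the full host up to its parents so subdomains inherit reputation."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_REPUTATION:
            return DOMAIN_REPUTATION[candidate]
    return DEFAULT_SCORE


def ip_score(ip: str) -> int:
    """Longest-prefix style lookup of the destination address in the IP feed."""
    addr = ipaddress.ip_address(ip)
    for net, score in IP_REPUTATION.items():
        if addr in net:
            return score
    return DEFAULT_SCORE


def evaluate(req: Request) -> Decision:
    scores = {
        "ip": ip_score(req.ip),
        "domain": domain_score(req.domain),
        "country": COUNTRY_REPUTATION.get(req.country.upper(), DEFAULT_SCORE),
    }
    # The weakest signal dominates: a single known-bad indicator is enough to
    # block, so a well-regarded hosting country cannot mask a known-bad IP.
    score = min(scores.values())
    reasons = [f"{name} reputation {value}" for name, value in scores.items()
               if value < BLOCK_THRESHOLD]
    return Decision(score >= BLOCK_THRESHOLD, score, reasons)


if __name__ == "__main__":
    # Constructed requests, not observed traffic.
    for req in [
        Request("www.example.com", "198.51.100.7", "XA"),          # good on all three
        Request("login-update.example.net", "198.51.100.7", "XA"),  # bad domain, good IP/country
        Request("cdn.example.com", "203.0.113.9", "XA"),            # good domain, bad IP
        Request("unknown.test", "192.0.2.1", "ZZ"),                 # nothing known: neutral
    ]:
        d = evaluate(req)
        print(f"{'ALLOW' if d.allow else 'BLOCK':5} score={d.score:3} {req.domain:26} {', '.join(d.reasons) or '-'}")
```

Taking the minimum rather than a weighted average is deliberate: averaging lets two good signals outvote one bad one, which is precisely how a phishing host on a reputable CDN would slip through.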

Which approach to choose depends upon the individual organization’s approach, budget and risk appetite. It is always true: “100% security is a myth”.

—By: Sameer J Ratolikar, Chief Information Security Officer, Bank of India. He can be reached at: sameer.ratolikar@bankofindia.co.in



© 2006-07 'InfoSecurity' magazine. All rights reserved.