The ever growing need for faster protection time

By Dan Maier, Vice President of Marketing, Cyren.

  • 7 years ago Posted in
Today’s Internet threats are faster and stealthier than ever, as attackers leverage advanced cloud automation and evasion techniques to bypass cyber defences. Perimeter security appliances and endpoint clients are increasingly too slow to stop these attacks, leaving companies vulnerable for hours, days, or even weeks to these types of attacks. In fact, many vendors appear to have conceded that they can’t stop threats at the perimeter, and have moved their focus to detection of threats after they’ve entered the network.  Here at Cyren we certainly feel that “defence in depth” continues to be the correct security philosophy and strategy, and of course the best form of defence is prevention. But that said a new approach to prevention is needed, one that performs fast enough to counter threats before they even reach users.
 
At its root cause, the problem lies in the legacy on-premise/appliance-based security architectures that have been put in place over the past 10 years. As the world has changed, with data and applications moving to the cloud and users working remotely outside the office, an on-premise security perimeter has become more and more problematic. With a limited scope of visibility to threats, the need for external periodic updates, and limited CPU cycles, on premise appliances struggle to deliver the depth and breadth of protection needed. Unfortunately this legacy approach will never perform fast enough to keep up with the increasing pace of innovation, automation, and evasive tactics we’re seeing demonstrated every day by cyber attackers.
 
In our opinion, the best way to deliver protection that is fast enough is to move security into the cloud. This cloud-based perspective provides two critical advantages:
 
·         Visibility – earliest visibility to emerging threats coupled with real-time shared threat intelligence across all the users in a security network
·         Scale and Performance - the ability to apply cloud-scale computing across a shared multi-tenant infrastructure delivers virtually unlimited throughput
 
In fact here at Cyren, we are moving strongly in this direction. Cyren has built out the world’s largest security cloud over the past 20 years, processing over 17 billion email, web and DNS transactions every day with a streaming architecture that allows us to detect threats as they emerge on the Internet, before they reach users. This global detection cloud powers our “front end” Security-as-a-Service offerings, including web security gateway, email security gateway, DNS security, and cloud sandboxing. These services provide inline blocking of cyber threats globally within seconds, delivering the industry’s fastest time to protection.
 
A bold claim you might say but fast time to protection is absolutely critical and this is what we have focused our time on over the years.  I will leave you with a few figures to emphasize the point.  Below are some statistics that provide some data to help paint a picture of the challenges facing the cyber security industry today.

 
Malware is faster and stealthier than ever…
Statistic
Category
Description
Source
1 minute
40 seconds
Phishing
The median time for the first user of a phishing campaign to open the malicious email
Verizon 2016 Data Breach Investigation Report, page 18
3 minutes
45 seconds
Phishing
The median time for the first click on the malicious attachment for a phishing campaign
Verizon 2016 Data Breach Investigation Report, page 18
50% opened
Phishing
The number of users that open e-mails and click on phishing links within the first hour of an attack.
Verizon 2015 Data Breach Investigation Report, page 13
Less than 2 hours
Phishing
Average duration of 25% of all malicious phishing URLs
Cyren analysis, Phishing Threat Report, August 2016
5 million uniques/hour
Ransomware
The Jaff ransomware outbreak that started on May 8, 2017, powered by the Necurs botnet, was delivering 5 million unique emails with 5 million unique ransomware attachments every hour (65 million emails over 13 hours).
Cyren Security Lab
37%
Malware
Cyren’s security researchers  have found that HTTPS is now utilized for the distribution of 37% of all malware
Cyren Security Lab, <SSL webinar link>
97% unique
Malware
Nearly 97 percent of malware encountered on users' computers is unique, as criminals automatically generate variants in order to stymie defensive software.
 
 
Traditional security architectures are not fast enough to stop today’s threats…
Statistic
Category
Description
Source
42.86 hours
Signatures
The average time it took for the leading anti-virus vendors to release a signature for over 100 different pieces of “in the wild” malware analyzed during the month of April, 2017
·         AV-Test.org
·         Cyren analysis
83% fail
Web Security
Percentage of users who failed Cyren’s Web Security Diagnostic test for Zero Day Malware (malware identified in the past 24 hours)
Cyren, May 19 – June 2, 2017 (15 days)
91% fail
Web Security
Percentage of users who failed Cyren’s Web Security Diagnostic test for Zero Day Phishing (phishing URLs identified in the past 24 hours)
Cyren, May 19 – June 2, 2017 (15 days)
14 hours
Threat Detection
Cisco products achieved a median TTD (time to detection) of 14 hours for the period from November 2015 to October 2016
Cisco 2017 Annual Cybersecurity Report, pg. 33
15-30 minutes
Firewall
New antivirus content updates are released by Palo Alto Networks on a daily basis. New WildFire antivirus signatures are published 15?30 minutes after new malware is discovered.
By Barry O'Donnelll, Chief Operating Officer at TSG.
By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.
By Gareth Beanland, Infinidat.
By Nick Heudecker, Senior Director at Cribl.
By Stuart Green, Cloud Security Architect at Check Point Software Technologies.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Damien Brophy, Vice President EMEA at ThoughtSpot.