As a security professional for the past decade, I've seen quite a few evolutions in the threat landscape over the years, as I imagine have most of you. Does the following sound familiar and recent to you?
First came enterprise-class anti-virus (AV) tools, then desktop firewalls and anti-spyware protection. With each technical advance, however, would-be attackers changed their tactics -- or morphed the latest virus or Trojan just enough for it to sail past the defenses. It's reached the point where AV and spyware just don't seem able to cope with the newest threats.
The latest problem is the zero-day attack, which is an exploit that takes advantage of a software vulnerability unknown to security professionals. Because it's an unknown bug, no virus and spyware signature updates have been issued yet to thwart the malware so it penetrates deep into the enterprise, causing damage for days, if not weeks, before a fix is available.
It sure does to me, yet it was written 8 years ago in order to make the case for host intrusion prevention. Host intrusion prevention was an important technology advancement in 2006, but it quickly became just another feature of most endpoint protection platforms, as noted in the Gartner Magic Quadrant for Endpoint Protection in 2007: "Basic component technologies in EPP suites include antivirus, antispyware, HIPS and a personal firewall."
Having watched (and even helped) many great new technologies (antispam, antispyware, HIPS, DLP, encryption and more) move from the latest point product to an integrated feature working in conjunction with other components, I was pleased to see many enterprise decision makers (likely with more experience than I) jumping to the same conclusion in regard to advanced malware and sandboxing.
In fact, we recently commissioned Forrester Consulting to conduct a survey of security practitioners, and they found that "Today, customers want NGFWs that do more than firewalling and IPS/app control; they want gateways that fight advanced threats like zero-day malware and respond to new cybercriminal tactics such as encrypting payloads or stolen data inside of an SSL tunnel." Specifically, the #1 feature respondents look for in a next generation firewall is advanced threat detection capability (i.e., sandboxing), cited by more than 2/3 of respondents.
What this means to me is:
1) Organizations are, rightly, concerned about the breaches that have been reported this past year in particular, and are looking to committed NGFW projects as a way to improve their security posture.
2) Organizations are looking to combine prevention (like antimalware) with detection (sandboxing) to help reduce risk.
3) Organizations are, generally speaking, not just rushing out yet again to buy the latest shiny new thing; instead they view it as an extension of an established security control.
This is all encouraging progress from my early days in the security industry. To read the full survey report, including project drivers, requirements and decision criteria, register here. And please do share your comments.