A major challenge facing security vendors today is that most solutions and products are developed based on knowledge of previous threats that already exist. This makes many security solutions reactive by their very design, which is not a tenable strategy for facing the volume of new attacks and strategies arising today.
This arms race of identifying a new threat and then reacting to it has been the primary strategy since the dawn of malware: a new virus is identified, and security vendors write an antivirus signature to block it; a polymorphic virus breaks loose, and vendors build unpackers and emulators to detect the malicious code underneath the packing.
The biggest problem with this approach is that cybercriminals are attempting to overwhelm security vendors with the sheer volume of new threats and malware variants appearing every day, many of which security professionals are unaware of until it is too late.
For instance, the graphs below show the number of attempted hits, and their worldwide distribution, that Fortinet blocked for the secondary exploit used in the WannaCry attack (CVE-2017-0144, the SMBv1 flaw addressed by Microsoft's MS17-010 update).
The number of hits spiked to over 7 million and reached most of the planet within days, then trailed off as security firms tightened their defenses and companies patched their systems.
Now compare that to the 22 million attempted hits for DoublePulsar, the backdoor that WannaCry used as its primary attack vector.
That is nearly 30 million attempted hits within a day for just the two attack vectors WannaCry used.
Compounding the volume and complexity of today’s threat landscape, security solutions need to continually protect against a growing list of known vulnerabilities, many of which are over a decade old and are still being successfully exploited.
Ultimately, organizations need to consider a new approach to their cybersecurity strategy – one that provides layered defenses capable of spanning the entire attack surface and automates traditional defensive measures with highly integrated and advanced proactive security systems.
WannaCry is a prime example of an automated and devastating malware variant that provides insight into what it takes to successfully defend today’s networks against cyber outbreaks. As such, below is a high-level overview demonstrating the various ways that the Fortinet Security Fabric integrates and automates multi-layered protections to defend organizations from both existing and novel attacks like WannaCry:
Given the growing sophistication of cyberattacks, it is easy to see that within a couple of years a business will not be able to maintain an online presence without a full-fledged security architecture built from the ground up. Such an architecture must integrate operational, security, and performance monitoring of the environment; baseline normal behavior; use that baseline to look for anomalies; and exchange local and global threat intelligence so that threats within the environment are identified automatically.
The Fortinet Security Fabric can deliver this defense in depth across a wide range of operating systems, applications, networks, and businesses. In the near future, intent-based security will ensure that whatever protection the business needs is delivered securely, accountably, and traceably, with the integrity of the data untouched. In the case of a breach, the ability to understand where and how you were successfully attacked, and to learn from that exposure and adapt, is crucial so that the time to detect, analyze, and respond shrinks with every incident, especially for repeated attacks. Threat intelligence platforms must work together to deliver "data illumination": a broad security fabric framework that can pinpoint specific high-priority events, coordinate actions to mitigate the attack, and then automate those actions for ongoing protection.
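The "baseline, then look for anomalies" step described above is easy to state and easy to get wrong. The following is an added example, not code from this post or from Fortinet: it parses IPS-style key=value log lines, counts signature hits per hour, learns a per-signature baseline from a quiet period, and flags later hours whose hit count exceeds both a statistical threshold and an absolute floor. The log format, field names (`date`, `time`, `subtype`, `attack`) and signature names (`CVE-2017-0144.SMB.RCE`, `DoublePulsar.Backdoor`) are assumptions chosen for the example, and the log lines are constructed, not captured traffic.

```python
"""Rate-baselining over IPS signature hits (added example; all data constructed)."""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# key=value pairs, with quoted values allowed. The field layout loosely resembles
# firewall IPS logs but is an assumption made for this example, not a vendor format.
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_kv(line):
    """Parse one key=value log line into a dict, stripping quotes from values."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
            for m in _KV.finditer(line)}


def hourly_counts(lines):
    """Return {attack_name: Counter({hour_bucket: hits})} for IPS signature events."""
    counts = defaultdict(Counter)
    for line in lines:
        rec = parse_kv(line)
        if rec.get("subtype") != "ips" or "attack" not in rec:
            continue  # not a signature hit; ignore traffic/event logs
        ts = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
        counts[rec["attack"]][ts.replace(minute=0, second=0)] += 1
    return counts


def total_hits(counts):
    """Total blocked hits per signature, the number the post's graphs report."""
    return {attack: sum(per_hour.values()) for attack, per_hour in counts.items()}


def find_spikes(counts, learn_hours=24, k=3.0, min_hits=20):
    """Baseline each signature on its first `learn_hours` buckets, then flag later
    buckets whose count exceeds mean + k*stdev AND an absolute floor (`min_hits`).
    The floor matters: a signature that is normally silent has stdev 0, so without
    it a single hit would be an "anomaly". Hours with zero hits are filled in so
    the baseline is not biased toward busy hours."""
    alerts = []
    for attack, per_hour in counts.items():
        first, last = min(per_hour), max(per_hour)
        n = int((last - first).total_seconds() // 3600) + 1
        buckets = [first + timedelta(hours=i) for i in range(n)]  # zero-filled timeline
        learn = buckets[:learn_hours]
        if len(learn) < 2:
            continue  # not enough history to baseline
        base = [per_hour[b] for b in learn]
        threshold = max(min_hits, statistics.fmean(base) + k * statistics.pstdev(base))
        for b in buckets[learn_hours:]:
            if per_hour[b] > threshold:
                alerts.append((attack, b.isoformat(), per_hour[b], round(threshold, 1)))
    return alerts


def build_sample_log():
    """Constructed log: 24 quiet hours, then a two-hour burst on both signatures."""
    start = datetime(2017, 5, 11, 0, 0, 0)
    profile = {"CVE-2017-0144.SMB.RCE": [2] * 24 + [70, 120],   # hits per hour
               "DoublePulsar.Backdoor": [1] * 24 + [220, 310]}
    lines = []
    for attack, hourly in profile.items():
        for h, hits in enumerate(hourly):
            for i in range(hits):
                ts = start + timedelta(hours=h, minutes=(i * 7) % 60, seconds=i % 60)
                lines.append(f'date={ts:%Y-%m-%d} time={ts:%H:%M:%S} type=utm subtype=ips '
                             f'action=dropped srcip=198.51.100.{i % 250 + 1} dstport=445 '
                             f'attack="{attack}"')
    return lines


if __name__ == "__main__":
    counts = hourly_counts(build_sample_log())
    print("total hits:", total_hits(counts))
    for alert in find_spikes(counts):
        print("spike:", alert)
```

On the constructed data the quiet day gives each signature a baseline of one or two hits per hour, so the `min_hits` floor of 20 is what sets the threshold and both burst hours on both signatures are flagged. In production the learning window and floor should be tuned per signature, and a baseline learned during an outbreak will itself be poisoned, which is one reason the post argues for exchanging global threat intelligence rather than relying on local baselines alone.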