It seems as if every week there is yet another news story about a company reporting a security breach. Organizations continue to find themselves under siege, and the attacks are not only increasing but are becoming more subtle and varied as well.
The recent Michaels breach, exposing at least 3,000,000 customer’s credit card information over the course of several months is the most recent example. According to the New York Times, two security firms brought in to review the breach stated that the attack was a result of “highly sophisticated malware that had not been encountered previously by either of the security firms.” The increasing complexity of these attacks are proving to be more than the traditional one-two punch of the firewall and antivirus set up can handle.
Today’s most sophisticated cybercriminals are increasingly bypassing traditional antimalware solutions and inserting advanced persistent threats (APTs) deep within networks. These highly targeted attacks evade established signature-based detection by masking their malicious nature in many ways — compression, encryption, polymorphism, the list of techniques goes on. Some have even begun to evade virtual “sandbox” environments using VM detection, “time bombs” and more.
Attackers are getting more creative and subtle with their attacks and companies need to be armed with the latest threat intelligence in order to protect their critical network infrastructure, their private data and especially their customers. With the cost per record breach as high as $225 per record, a single breach can put a company out of business. As a result, more organizations are turning to a Managed Security Service Provider to help secure their networks.
While the increase of business is great for this growing market segment, some estimates put the market at $15 Billion by 2015, the influx of new customers and the new breed of APTs can create problems for MSSPs. Customers need advice and MSSPs need to know the answers.
- What threats are hot?
- What attacks should the customer or MSSP be looking for in their particular geography?
- An attack was detected, what should I do?
- What were they trying?
Fighting today’s attacks requires a comprehensive and integrated approach, more than the firewall and antivirus combination, even more than antimalware. MSSPs need advance threat intelligence and the ability to “sandbox”, or run in a separate, non-production environment, new zero day attacks in order to combat these APTs.

