Security Pros Need a New Mindset to Fight MalwareJuniper's Paul on the How to Respond Better to Polymorphic Malware
The cyber underground, like conventional businesses, now has an established system with a clear value chain. Disrupting this is not a viable proposition, and instead organizations need to look at driving up the cost to the attacker - something that requires a change in mindset, says Sajan Paul of Juniper Networks (see: Making Life Harder for Cyber Threat Actors).
"We could have a theoretical discussion that software should be bug-free, and there should be a security framework built as part of the software development," he says in an interview with Information Security Media Group. "But these are all hygiene factors, and we are not living in an ideal world. So you will continue to have software bugs, and it's likely that the attackers will find these bugs before the OEMs do."
Organizations now need to now consider using behavioral analytics and cognitive methods to fight advanced malware attacks, he stresses. Malware, the most predominant attack vector, is rapidly becoming far more complex, rendering using traditional signature or rule-based methods to detect it nearly obsolete, he says.
"The only option to manage this is to look at the change in the behavior in your environment using analytics and cognitive thinking - based on which informed decisions can be taken," he explains. "Any attacker will give away their presence sooner or later, and taking this new approach is the way to keep them on their toes, because that is something attackers cannot escape."
In this exclusive interview (see audio player link below image), Paul also talks about:
- Why building security budgets is now less challenging (see: Security Spending for the Long Term);
- Recommendations for how to make it more difficult for attacks to succeed;
- Traction for new technologies and need for sharing intelligence.
Paul is the director of systems engineering in India & SAARC at Juniper Networks. He covers both the enterprise and service provider verticals. He has more than 20 years of experience in the telecom and networking industry, working in design, driving technology directions and managing solutions. In his current role, he drives strategic solution initiatives and technology architectures to help organizations build their next-generation network infrastructures.