Advanced persistent threats (APTs) have once again made it into the spotlight with the latest cyberattacks associated with APT28, also known as Fancy Bear or Sofacy. The Kremlin-sponsored hacking group behind the Democratic Party breach scandal, the attacks against NATO and those on the French TV network TV5 is now shifting its attention towards Europe. Earlier this week the campaign of Emmanuel Macron, the favorite to become France's next president, was allegedly targeted by the same cyber espionage group.
APTs are not limited to state-sponsored attacks, as enterprises can also fall victim when competitors exploit zero-day vulnerabilities to install highly targeted malware for corporate espionage and intellectual property theft.
As a result, advanced persistent threats are among the top concerns for 37.02% of respondents in a Bitdefender survey of CISOs conducted at RSA 2017, and zero-day vulnerabilities are a concern for 38.67%.
As the threat landscape actively influences what decision makers and boards expect in a security solution, we polled 180 IT professionals during the RSA 2017 event to better understand their key concerns and expectations.
Some 57.63% wish their endpoint security solution could detect never-before-seen malware using non-signature based technologies like machine learning, says the report. Other desired endpoint security improvements are advanced anti-exploit technology (36.72%), the ability to automatically monitor running processes to detect file-less attacks (29.38%), automatic remediation and clean-up – the ability to roll back changes made by malware (36.72%), encryption management from the same console (22.6%), application control and whitelisting (20.34%), integrated patch management (16.95%) and EDR integration within the same endpoint (EPP) agent (8.4%).
57.54% of IT professionals named protection of sensitive customer and company data as the main reason to deploy security for their virtual environments, while 36.87% deployed security mainly to comply with internal and regulatory requirements. 34.08% aimed to prevent attack-related service interruptions, Bitdefender found.
39.89% complained that their virtualization security solution requires extensive manual effort to deploy, maintain, push policies and upgrade. Others said that their security agents take up too much virtual machine capacity (28.09%), that the solution cannot support multiple hypervisor environments from the same instance (25.28%) and that the management console does not cover virtual machines deployed in the public cloud (17.98%).
As many as 33.9% of the respondents did not know which exploit mitigation technique was the most effective in their data center. An endpoint security agent with anti-exploit capability in the guest VM was named most efficient by 43.5% of IT managers, while 32.77% said they used a hypervisor-integrated security virtual appliance to monitor the guest virtual infrastructure for exploits.
Cyberattacks can go undetected for months and, in most cases, breaches stem from zero-days and kernel-level malware. This is precisely what APTs turn to, because it keeps them from being detected. Kernel exploits and rootkits can corrupt endpoint security solutions to gain full control over the operating system. But beyond threats, the challenges of the continuously evolving datacenter also include performance degradation and scalability issues inflicted by security solutions tailored for the physical ecosystem. This leads to an increase in the number of enterprises seeking to deploy a security layer at the hypervisor level that can't be weakened by malware and that thoroughly monitors the raw memory stack of every virtual machine while causing zero performance impact during its operation.
The survey was conducted by Bitdefender at RSA Conference 2017 in San Francisco, CA, on February 13-17, polling 180 IT professionals.