Gabi Reish, global head of product development at network security specialist Check Point, talks to Duncan MacRae about the IT threat landscape and how ‘sandboxing’ should be part of everyone’s defence.
What kind of developments are you noticing in the threat landscape?
We see enterprises around the world facing different types of attacks or different types of malware. The motives for attacks today are primarily about financial gain – trying to steal money from organisations or individuals.
Secondly we see espionage. It could be state driven but often it’s industrial. The third motive that is quite new is hacktivism. It’s not for financial gain, but to make a specific statement – a virtual group of individuals on the Internet trying to make a specific point against an organisation. It could be a religious organisation, governments or any enterprise that gets targeted.
Most organisations, from small to large, will one way or another be vulnerable to these type of attacks. Every individual or organisation has private information they don’t want to disclose.
It’s unclear what the next big motive for hacking will be. It could be because someone belongs to a specific state or because they have specific ideals but, when we look at today’s malware threats, one way or another we’re all vulnerable.
And there are so many different vectors of attack. We’re using so many different types of computers, smartphones and tablets. A lot of organisations are using the cloud these days and that’s another way companies can be attacked, so we’re much more vulnerable than we were in the past.
The malware is also very dynamic now. We’re not just facing one type of virus so we can’t rely on just one type of protection. There’s a market for creating attacks. If I want to attack you I can buy a specific attack on the black market and I can create my own variant of the attack.
Malware is changing all the time and there are about 100,000 new variants of malware created every day. With the click of a button I can create my own attack against a specific person.
A lot of companies are now using sandboxing technology. What is this and how can it help to deal with these threats?
Checkpoint provides multiple layers to protect people against attacks. The reason multiple layers are needed is that there’s no silver bullet. I can’t give organisations one simple solution that can be used to fully protect people. You have to have multiple layers that compliment each other and protect themselves. Altogether, they provide very good protection.
Sandboxing compliments these layers against what we call ‘the unknown’. The bad guys create new attacks every day – zero day attacks that nobody has heard of before. No anti-virus software will have detected these specific strains of attacks. It’s all about protecting people and companies from these new, undiscovered types of malware. Once they’re discovered the standard anti-virus technologies will take control and they’ll protect you.
The problem is the gap in time between you being attacked with a new type of malware and the anti-virus software being able to protect you from it. With sandboxing technology, we look at the files that have been downloaded through the web or an email attachment. We take the files, open them in the closed, sterile environment of sandbox, and we examine its behaviour when it’s opened in a closed environment. So, before an end user gets infected, the sandboxing technology automatically examines a file in a lab-type environment. If there is abnormal behaviour then we’re quite certain it’s malware.