RSA 2016 put out the slogan “Connect to Protect”. This is a rather naïve but very true statement. The world today is even more connected over the internet. It has not only changed how we live our lives but also how companies conduct business. However, this “CONNECT” part, gives those bad guys more opportunities to do malicious and harmful activities; on the other hand, it also gives the security companies and professionals more opportunities to advance technologies in detecting and protecting against those malicious attacks. RSA is the place to showcase the latest progress in threat and malware defenses.
Here are a few highlights that I have observed at this year’s RSA conference.
More integrated solutions:
Continuing on previous emerging individual technology on cyber defense such as IPS, AV, email and file protections, web application protection, identity protection, access control, sandboxing, cloud based security technique etc., more companies are heavily integrating these individual security technique into an comprehensive and complete solutions to hunt down ongoing or potential threats and attacks. The integrated solutions have obvious advantages, it can apply different types of weapons to detect the pre-beach or post-breach threat and attack and also at different stages of these attacks therefore providing network administrators and security researchers even deeper and richer visibilities and forensic analysis which will result in more accurate detection and effective mitigation actions.
Advanced Persistent Threat (APT) defense coming into main stream:
With dramatic increases of sophisticated malware attacks and their large financial and political impact upon data breaches, more and more companies are developing adaptive APT detection and protection techniques. Almost all of them utilize some kind of behavioral analysis and machine learning mechanisms based on known malware data and benign or malicious behavioral profiling and analysis. Smaller and newer players in this space are focusing more on the accuracy and performance of the detection engine itself while larger players are integrating this as part of the overall threat defense solutions.
Sandbox technologies are alive and well:
Sandbox technology is still going strong. More and more companies are promoting their behavior based threat detection and mitigation, ranging from end point to the cloud. Most of them use certain kind of sandboxing technologies. There are a lot of varieties of sandboxing I have seen showcased by various companies. It can be done in chip level using CPU debug mode for optimal performance; it can be done on VMs for flexibility and scalabilities; it can be done as full system emulation for more accuracy and completeness; it can also done in cloud for even larger deployment scalability and upgradability.
Hillstone Networks is well positioned among the latest threat defending technology advances. We have suites of leading products and solutions that can be used in different deployment scenarios in advanced threat protections. Most recently we have achieved NSS Lab recommended ratings for our next generation firewall (NGFW), we also have integrated platforms that combine static signature based threat detections and advanced behavioral based threat analysis and detection technique. This has made Hillstone Network an ideal choice in today’s ever evolving advanced cyber threat and defense combats.
