On Monday and Tuesday this week, the Banking Committee for Information Security (BCIS) sponsored a workshop in Riyadh. It was patronized by the Governor of the Saudi Arabian Monetary Agency, Dr. Fahad Almubarak, as well as representatives of SAMA, the Saudi banks and many other interested parties. The objectives of this workshop were to understand the current cyber threats and for experts to suggest recommendations for the mitigation of these attacks. On the second day of the seminar, Dr. Anup Ghosh, author, founder and CEO of Invincea spoke about protecting organizations from advanced persistent threats (APT). These are cyber threats, sometimes sponsored by governments, which have the goal of gathering sensitive data. In earlier times such espionage required spies on the ground, but now Internet- based resources may be used to infiltrate organizations from a distance. “The talks on the first day of the seminar, were educating the audience about evolving cyber threats,” Ghosh said. “All the problems that Invincea protects against were addressed. These include advanced persistent threats, targeted attacks against the banks, spear fishing and the fact that you can't keep up with malware using signature based products. All these speakers provided a great introduction for my presentation.” Invincea offers an innovative solution to cyber threats. It moves the applications that are most likely to unleash a threat, such as the browser, PDF reader and Microsoft Office, into a secure virtual environment, isolated from the rest of the network and its data. Ghosh likened this location to a virtual fishbowl. Corporate staff would use applications such as Internet Explorer or Microsoft Word in a virtual container. If they opened a file or clicked on a link and something nasty got loose - it would be confined to that secure virtual fishbowl. An alert would be activated when the incident happened. The cyber threat would then be securely sucked out of the fishbowl and analyzed. No harm would have been done to the network and the enterprise would continue conducting business as usual. “Every security product out there usually requires a list of known bad or in certain cases, known good. What that presumes is that you have prior knowledge of your threats in order to detect them,” Ghosh explained. “In any targeted attack on an enterprise, almost by definition the attack won't be known. Such attacks are customized. If a targeted malicious email is sent to an individual, it will have a well-researched subject line and contents, certain to be attractive to that person. The malicious payload in such an email would have been specially written and tested to make sure that antivirus wouldn't pick it up.” With Invincea, what's ideal as well is that with the threat captured and documented, a proper investigation can begin into where this threat came from and the individuals or organization behind it. According to Ghosh, this will help companies allocate their resources for the best cyber defense. For instance, an organization can learn if the cyber attacks are coming from a nation state targeting the operations of a company or if the competition is attempting to steal technology. “A lot of companies have an academic awareness of cyber threats because they read about them and learn about them through the media” Ghosh said. “But the fact that it could happen to their company doesn't quite hit home. With Invincea when the user clicks the link, then the infection can be seen and for the first time companies become aware of these elite targeted attacks.” And forever lost are any illusions an organization might have about its immunity from cyber crime.
