Ancient military wisdom dictates that defenders need to know themselves as well as their enemy, and the same principle applies to information security defence today, says security firm Websense.
In building effective IT defences, businesses should first know which data is critical; where it is OK for that data to go; who should have access to that data; and what could put the company at risk if it were stolen, according to Didier Guibal, executive president of worldwide sales at Websense.
The next step is to know who the hackers are, what motivates them, what intellectual property they are likely to target, and what their attack methodologies are.
Websense has identified seven phases to modern, advanced information security threats and focussed on them in the latest version of its Triton web, data and email security product.
Tie-ins with all communication channels are aimed at raising awareness and at picking up on the reconnaissance missions and lures used by cybercriminals, said Tom Clare, senior director, product marketing at Websense.
A real-time analytics capability, including link and exploit analysis, is aimed at hacker redirection techniques and use of exploit kits. Inline defences, including malicious PDF detection and multiple anti-virus engines, are aimed at malicious file dropping and malware calling home. And containment capabilities, such as embedded data leakage prevention, geographical data tracking and forensic reporting, are aimed at blocking data theft.
Announcing Triton 7.7 in London, Websense said the product will provide 10 defences in its core Advanced Classification Engine (ACE), including seven "industry firsts" such as an online sandbox service, criminal encryption detection, password file theft detection, forensic data capture and optical character recognition to monitor data in motion.
"The forensic capability tells businesses who would have been compromised, how the malware operates, where the data would have been sent and what was prevented from being stolen all in one console," said Clare.
Websense plans to differentiate its offering from competitors by including these seven technologies aimed at monitoring outbound data, in contrast to traditional approaches that tend to look only at traffic coming into a network.
This approach, said Clare, enabled a US healthcare organisation to reduce outages of mission-critical systems due to malware by 50%, and a US federal agency to reduce the need to re-image systems because of malware by 60%.