RSA 2011: Modern IT security often too difficult to deploy, says security technologist


Businesses need to modernise their IT defences as attackers continue to up their game, says James Lyne, senior technologist at security firm Sophos.

Despite the availability of technologies to detect the most advanced attacks, not all businesses are using them, he told attendees of RSA Conference 2011 in San Francisco.

But the IT security industry is partly to blame, he said, because many of these more advanced technologies are too complex, too resource intensive, and too difficult to deploy.

As a consequence, Lyne said, far too many businesses rely on basic and standard IT security defences, which, although necessary, are not enough to defend against the current wave of professionally produced, high-quality malware.

"Not only is the quality high, but the volume is increasing all the time. Sophos is seeing 95,000 new types of malware a day and we predict this will be up to 150,000 by the end of the year," he said.

This unbelievable velocity is enabled by well-organised criminal groups that use the latest technologies and have greater resources than IT security suppliers and even governments because they are not bound by any legal restraints, said Lyne.

Cyber criminals have access to cloud-based services that will test their malware against every anti-malware tool and provide a report that includes tips on improving the effectiveness of the code.

"This is effectively quality assurance for criminal gangs," said Lyne.

For this reason, he said, IT security has to go beyond basic protections and content detection because these cannot keep pace with innovation by criminals.

"We need to move to reputation and behaviour-based technologies, and we need to make them easier to use," said Lyne.

Behaviour-based protection, he said, is all about catching threats as early as possible to enable businesses to restore systems quickly and easily.

According to Lyne, there needs to be a shift in the industry towards more dynamic detection methods. There also needs to be a conscious effort to kill the buzzwords and to focus instead on making it easier for businesses to make use of innovation.

"We need to make sure IT security solutions are dynamic, integrated and above all easy to use," said Lyne.
