Infosec 2014: Use world health model to fight malware, says Check Point

Organisations should use the world health model to prevent malware infection, says security firm Check Point

The same model used to identify diseases and prevent infection should be used to identify malware and stop transmission, says security firm Check Point.

The H1N1 flu virus killed up to 100 million people in 1918, but only 14,000 in 2009, due to the collaboration of world health authorities.

“This proves the model of sharing symptom information, identifying a virus, developing a vaccine and distributing that vaccine worldwide, is effective,” said Ian Porteous, technical director at Check Point.

“In 2009, world health organisations recognised that they were reaping the benefits of collaboration and research,” he told attendees of Infosecurity Europe 2014 in London.

Just as individual countries are unable to defend against pandemics, individual organisations are no longer able to defend against increasingly powerful malware, said Porteous.

Several high-profile breaches have demonstrated that despite heavy investments in security controls, attackers are still able to steal data.

But by using the collaborative world disease control model, organisations can reduce their risk of infection dramatically, in the same way that H1N1 infections were reduced in 2009 compared with 1918, said Porteous.

The key is a generic model of threat intelligence that combines input from analysts, CERTs, the security community, malware research, sandboxing and security events to identify threat indicators.

Check Point has used this generic model to advocate secure IT infrastructure through what it calls “software-defined protection”, which draws on a database of threat indicators.

The security firm gathers symptom data from its sensors in customer and public networks, and combines this with data from its malware research labs and other security suppliers, including competitors.

Other inputs include shared attack information supplied by customers and dynamic malware analysis through threat emulation.

“We have implanted the generic plan and this approach is working by delivering hundreds of millions of threat identifiers to all customer gateways,” said Porteous.

“Based on our experience, we are advocating a more collaborative approach to protecting organisations from malware infections,” he said.
