PLAYING DEFENSE AGAINST HACKERS IS LIKE A NINE-INNING BASEBALL GAME

Featured article by Guy Guzner, CEO and co-founder of Fireglass

In baseball, there are few plays more exhilarating, more memorable and more impactful on the final score than a long home run. But, as any fan can tell you, home runs aren’t the only way to take down an opponent. In baseball there are plenty of ways to score. Some of them aren’t as picturesque as a long ball, but they all inflict certain degrees of damage. Defenses have to do their best to prepare for every occurence and prevent the other team from scoring.

IT staffs face the same kinds of challenges baseball managers do. They have to worry about all kinds of threats to their systems. Hackers are trying to score any way they can. IT staffs have to be on high alert at all times, devising their own brand of run-prevention strategies and constantly shifting up their defenses to stay ahead of their rivals.

Today’s IT managers need modern-day tools to defend against the most common threats, which are outlined below. As IT managers determine new ways to improve security, an isolation platform creates a secure environment between users and the web – executing web sessions remotely and delivering only a safe visual stream to users’ browsers. Isolation is based on the concept of creating an “air-gap,” which eliminates the risk of malware by preventing the possibility of malicious web content reaching devices.

Looking through a baseball lens, here is a list of the nine most prominent ways we see hackers trying to score and some “run prevention” strategies IT leaders should pursue.

1^st inning: STRINGING TOGETHER A SERIES OF HITS

Some baseball rallies take a little while to unfold. One hit starts it off, and a few more move the runners along, putting multiple runs up on the scoreboard. Same with Zero-Day exploits. Hackers hit your browser without any prior defense method to block it or even know that it has struck. And they can keep striking. Patches most likely don’t exist and deploying a patch requires more valuable time to be lost and the risk to be even greater. Research has shown that the window from when a vulnerability is identified to when it is fully eradicated can stay open for up to 10 months.

2^nd inning: TAKING ONE FOR THE TEAM

One way to outfox a pitcher is to wait for an inside pitch and let it hit you. This gives the batter a free base. They call it “taking one for the team.” In offices, people inadvertently let themselves get hit when they open spear phishing emails. They’re taking one, but the inside pitch doesn’t benefit the batter’s own team. It helps the hackers gain access to the company’s systems. According to Verizon Data Breach Investigations Report, up to 80 percent of all hacking attacks derive from phishing attempts mostly because they continue to be effective. Spear phishing emails are so target-specific they cannot be prevented by existing anti-phishing solutions. Research also reveals that even with employee training programs, 12% of employees click on links to phishing sites.

3^rd inning: WALKS

Baseball analysts hate walks. They put runners on base without the benefit of a hit, and the more runners the pitcher puts on base, the better the chance those runners will score. Common sense. Same goes for web browsing. Employees who visit a lot of unsafe sites every day are asking for trouble. Sooner or later, they will encounter a site that’s malicious. Limiting employees’ web access can reduce the risk but hinders productivity. Running web sessions in isolation, protecting the user from malicious content, is another.

4^th inning: HIT AND RUN

In baseball, the hit-and-run play surprises an unsuspecting defense with a steal attempt and a well targeted ground ball through an open hole. Malvertizing is just as dangerous to an office staff. Hackers insert malicious code into ads served by trusted sites to unsuspecting users. To make things worse, these ads often deliver malware even without a user clicking on them. Mandating browser Ad Blockers is a first step to fight this threat.

5^th inning: STEALING SIGNS

Baserunners that are clever enough to figure out a catcher’s signs can slyly tip off a batter about what pitch is coming. In business, insider threats can do much higher levels of damage. It could be an employee physically stealing a password and feeding an outside hacker. More likely, it would involve an employee being negligent and not complying with security policies. This pattern, combined with unnecessary access to confidential data, puts the entire organization at risk. Reduced access could also help to decrease this threat.

6^th inning: SACRIFICE FLIES

In baseball, one way to score is for a batter to sacrifice himself – to hit a fly ball long enough for a runner on third to score before an outfielder can throw him out at the plate. In business, workers in a hurry to download files often sacrifice security for the organization. They do this by downloading files through a browser which can bypass web security. Since analyzing files through a network sandbox requires significant time, users often download these files before they’ve been deemed safe. Rendering these files remotely through the browser instead of downloading them, can be used to protect from this threat.

7^th inning: BEATING THE SHIFT

A baseball shift stacks fielders on one side of the diamond to thwart a batter who has a tendency to pull the ball to that side. To beat the shift, the batter hits it the other way. Hackers conduct similar kinds of sneak attacks, embedding attachments with offending hazards. Once the attachments are opened, the dangerous code can infect your PC. While most organizations run email attachments through a sandbox, attackers are now using sandbox evasion techniques to get past this line of defense. File sanitization, which strips out exploitable content from files, can be eliminate this risk.

8^th inning: STEALING BASES

Teams with speedy runners take advantage by stealing every base they can, putting more runners in positions to score. Hackers leverage their own skills to take advantage of employees’ sloppy browsing of unsafe sites. Using newly created domains, attackers deliver malware to the browser. Since URL filtering, the leading web security approach, cannot classify such sites, employees accessing these sites are putting the organization at risk. One approach to minimize risk is to blocked such sites by default.

9^th inning: SWINGING FROM THE HEELS

We reached the final inning! Hackers who want a big, final score can always “swing from the heels” and try to hit a home run. Ransomware could be described as the home run in the hacker’s offensive arsenal. Often delivered through the browser, this malware is a violent attacker that encrypts files on the infected PC and then extorts a fee in return to receive the decryption key to regain access to the encrypted files. Ransomware has become a popular tool used by attackers, since many organizations decide to pay the ransom to minimize business disruptions. One best practice to reduce this risk is to create secure backups of your data on a regular basis.

Guy Guzner is CEO and co-founder of Fireglass, the leading agentless isolation platform that eliminates malware and phishing from web and email. Guy Guzner has over 15 years of experience in building network security products and managing large product and engineering teams. In his last role he was head of security products at Check Point software responsible for a product portfolio with $1 billion in revenue. Headshot attached.