Went to NetSec 2015, an industry/customer meetup organized by Exclusive Networks in Antwerp (Belgium), and talked to some interesting guys from Palo Alto, Sophos and Fortinet. The buzzword remains APT (Advanced Persistent Threat). You have to admit it's something every IT manager should be scared of, and it demonstrates the necessity of security products. The industry's response at this moment is to fortify endpoint security. Every vendor now has some kind of endpoint agent and so competes with traditional antivirus/anti-malware products. The session by Palo Alto was a bit of a surprise. According to their analysis, every exploit can be categorized as one of (or a combination of) roughly 20-30 distinct attack vectors. By analyzing malicious activity in that way, they are able to detect new threats. I was just wondering why the specialized AV companies never came up with this idea. That's something I'm trying to find out right now.
Another approach is to analyse log files (Balabit) or network data to recognize patterns and detect anomalies. The vendors are also rolling out support for, or releasing products for, software-defined networking. As everyone keeps an eye on everyone else, we can expect these features to make their way into other vendors' products.