Security threats abound in the enterprise. Today's IT security professionals must worry about malware, spyware, hackers, DDoS attacks, hijacked USB drives, spies, cyber war, and other vulnerabilities too numerous to mention.
Fortunately, technological innovations are emerging to help block these types of attacks. Companies such as Seclore, for example, offer services that are designed to protect not just the delivery of documents outside an organization, but controlling how long someone has access to those docs. With new kill-chain tactics, meanwhile, a startup such as CloudStrike says it can determine not just the nature of a new attack but also develop a profile of the attacker.
[ Also on InfoWorld: 7 faces of 'hacking' hysteria. | Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
These innovations, along with four others, described below might be the answer to a common dilemma: Relying too long on the standard security techniques that a large company installed long ago.
1. Seclore: Controlling when, how information can be accessed
Security inside an organization is one thing. Protecting documents and files in the perimeter that's outside the firewall is a greater challenge. Enter information rights management, also known as enterprise rights management; this typically uses encryption, rights policies, full auditing and other security tools to protect sensitive information. IRM tools such as Seclore protect "who, what and when" policies for documents. One critical Seclore feature: IT can also control how long a document is in the hands of someone outside the company. Daimler, Panasonic and Fugro use the service.
2. Taa Sera: Analyzing communication patterns of malware
It takes more than a clever product name to block malware attacks. TaaSera does have a clever name -- it means Trust as a Service -- but the inner working of the detection engine should appeal to CSOs everywhere. The analyzer is what you might call "zero minute" detection; it looks for trace signs of a new malware agent such as the tell-tale signs of infection. The service goes beyond the signature-based security tools that block known viruses, though, using "correlated sequence of inbound exploits, binary downloads, command and control communication and outbound scans" to diagnose malware attacks.