2015 -- the year automated malware protection and firewalls become worthless?
Whether you're a home or business user, one thing you've probably had drummed into you for years is the importance of virus protection, an effective firewall and malware guards. Well, as we start our journey into 2015 such security tools may not be anywhere near as effective as they used to be. Is it worth investing in them at all?
The suggestion isn’t that we should ditch firewalls and malware protection altogether -- that would be insanity. But security expert Ilia Kolochenko says that we need to rethink our reliance on automated security tools.
Kolochenko is CEO of High-Tech Bridge and Chief Architect of ImmuniWeb, and he has looked forward to the year ahead to make a number of security predictions. Perhaps the most interesting is the idea that we will no longer be able to rely on automated security tools to offer the level of protection we need. That's not to say that they won't have their place, just that human intervention is going to be necessary as attacks become more complex and evolve more quickly.
Web Application Firewalls, Web Vulnerability Scanners or Malware Detection services will not be efficient anymore if used independently or without human control. Both web vulnerabilities and web attacks are becoming more and more sophisticated and complex to detect, and human intervention is almost always necessary to fully detect all the vulnerabilities. It's not enough to patch 90% or even 99% of the vulnerabilities - hackers will detect the last vulnerability and use it to compromise the entire website. As a solution to the new threats High-Tech Bridge has launched ImmuniWeb SaaS -- a unique hybrid that uses automated security assessment combined with manual penetration testing.
Kolochenko also believes that we'll see an increase in the number of online problems originating from external sources. It's fair to say that direct attacks that exploit vulnerabilities in sites, apps and services will continue, but there will be an increase in attacks that take other forms. Plugins are seen as being particularly problematic, as is cross-site scripting (XSS), and these are just two examples of security problems that require human intervention.
So while it might not quite be time to ditch the malware tools and firewall entirely, it is time to appreciate that even the best tool is only ever going to offer limited protection.