IE Zero Day Attacks/ Aurora - Hydraq
Posted by Kate Munro on Tue, Feb 02, 2010
Why is it that existing security software didn't stop Operation Aurora cyber attacks from using the Microsoft IE zero-day vulnerability to hack into multiple high-profile technology providers? Is it that this level of malware sophistication has never been seen before?
Dennis Blair, the US Cyber Chief, testified today before Congress and called these attacks "Cyber Pearl Harbor." Read the story by Mark Mazzetti in the New York Times.
"Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication," he said.
As zero-day attacks proliferate, antivirus vendors have begun blocking websites and offering intrusion prevention features that aim to stop malware before it runs, and even before it has been identified. The problem is that new security features are often developed and promoted only as a result of cyber attacks like Operation Aurora and the Hydraq Trojan. Organizations and AV vendors appreciate the need for proactive IT security solutions, but if action is taken post-breach, the damage is already done.
Comprehensive layered defenses against cyber threats have been announced as the "new" methodology for preventing zero-day and targeted attacks, but proactive prevention is not new. Application Whitelisting, offered by Bit9, has been around since 2002, and many more companies are beginning to offer it.
Gartner analyst Neil MacDonald just wrote in his blog: "whitelisting at the endpoints would have stopped these attacks."
Application Whitelisting delivers malware prevention rather than reaction by establishing a list of known and approved applications, devices and files and halting execution of everything else. We've tailored whitelisting for organizations across all industry verticals - from government and finance to retail and healthcare. So when AV reacts to new attacks with new solutions, keep in mind that it is reaction, not prevention, that distinguishes their approach.