Isolation, the new paradigm… 


Trevor Reschke, Head of Threat Intelligence

We are witnessing a slow paradigm shift in the cyber security industry, one that started many years ago and has culminated in a gradual but absolute decline in the effectiveness of traditional anti-virus and anti-malware.


If there’s a manifest example of why this happened, it’s the aggressive marketing promises of ‘complete protection’ or ‘total security’ that anti-virus software used to tout. This despite the fact that malware writers started getting smarter than signature databases in the early 2000s, something AV vendors weren’t keen to put in their messaging.


Much has already been written about this trend, which perhaps reached its height with Symantec stating in 2014 that anti-virus was dead, despite it being a large portion of their business at the time. For those in the know, this was no secret. You can now even watch the phenomenon in real-time.   


When malware first became a problem, it was relatively static. A program was released into the wild and it did some damage, but it was eventually stopped once signatures were issued and the defender’s system knew how to recognize it. If you can see it, you can stop it, and so an approach that lasted twenty or so years was cemented in place. Initially this was done with signatures, then heuristics, and now machine learning (ML), artificial intelligence (AI) and layering have taken up the slack.


In the modern malware environment, this still falls short. Criminal software writers are masters of obfuscation, spinning out more versions of malware than it is practically possible to stop (370,000 per day at last count), with some estimates saying that as much as 97% of all malware is now unique to the recipient. It’s a bit like trying to fight a massed army of overwhelming numbers, in the dark, except that attackers only have to get lucky once to completely compromise a device and everything the user does on it.


What’s the shift? 


The real question is, what’s next? We know where we are shifting from, but what is the direction of travel?   


A new school of thought is emerging to address this situation: isolating the user and creating a safe environment whenever sensitive information is in play. The theory behind this is simple. Don’t rely on blocking malware; instead, isolate it once it’s installed by cutting off its ability to extract, or even collect, data.


As a company offering such an approach, it is easy to tout this as a ‘brave new direction’ and the best solution. However, there is independent evidence of its uptake. Gartner recently estimated that by 2021, 20% of enterprises will embrace isolation of Internet browsing, up from just 1% last year, driving a 70% reduction in compromises. 


It’s not just in the realm of future theory either, as institutional investors such as JPMorgan, HSBC and AMEX are starting to get behind the approach as well. That three of the largest names in global finance are backing this paradigm shift tells a much bigger story about the scale of the problem. According to the latest Verizon Data Breach Investigations Report (DBIR), the top malware actions in financially motivated crimes are keylogging and the use of a command and control (C2) server to communicate sensitive information. The report goes as far as to say of banking Trojans: “the sheer amount of those breaches dominates the conversation like a telemarketer phoning a Trappist monastery”. It is clear: banks are overwhelmed at having to guarantee their operations against customers’ malware-riddled machines.


We believe this to be one of the most positive trends in the cyber security space. It has the power to redress the balance. For too many years, people and enterprises have been victims of an endless losing game of whack-a-mole, where the end result is only ever to fill criminal pockets. This is why we are passionate about what we do, and the people and companies we work for. Long live isolation.