Cyber Advanced Warning System sounds the alarm on security threats

Michael Kassner

Updated April 17, 2015 at 3:21 PM

Image: NSS Labs

NSS Labs, known for its independent testing of information-security products, has been in the industry for many years. That longevity affords the company a unique perspective of today's businesses and whether their security measures are effective.

From a 2015 white paper by NSS Labs: "In the face of a growing attack surface and mounting global losses from cybercrime and cyberespionage incidents, companies wishing to remain operational in a digital world spend increasing amounts on security products as they seek answers to three key questions."

How are attacks blocked?
How does a company know it has been compromised?
What happens following a compromise?

A fourth, and even more critical, question

The people at NSS Labs suggest that something else is needed. "Clearly, a new approach for cybersecurity and risk management is required," the paper mentions. "While the preceding questions are undoubtedly important, and the products supporting them are necessary for a robust security strategy, there is a fourth question that is even more critical." That question is: How do companies avoid compromises?

NSS Labs tries to answer the avoidance question by harvesting and then analyzing the following threat information.

Capabilities of the Adversary: There is an untold variety of malware in the wild; all of it is useless unless the malware can be installed on the victim's computer via an exploit kit. Since the number of successful exploit kits is far less, NSS Labs prefers to focus attention on exploit kits more so than malware.
Security Product Failure: No antimalware product, according to NSS Labs, is 100% effective. So NSS Labs channels its effort to identify what's slipping by the products.
A Vulnerable Target: All the different application, browser, and operating system combinations come under consideration. "It is vital that the exact target vector is determined for each attack launched by the threat actors," explains the white paper. "From that, the question becomes 'Am I running that specific version of application with that specific version of operating system?' If not, then you are not vulnerable, despite the failure of your security products."

Cyber Advanced Warning System

To fill the cybersecurity and risk management void that NSS Labs feels exists, the company recently introduced Cyber Advanced Warning System (CAWS) -- a service that proactively determines a business's security status.

The NSS Labs technology underpinning CAWS is called BaitNet: a cloud-based sandbox environment used to test endpoint and network security products. BaitNet consists of two sub-components: Capture and Replay.

Capture gathers suspicious URLs from open-source, commercial, and clients of NSS Labs threat-information repositories. The compiled URLs, in particular those containing exploit kits, are passed to a controller, which spins up Virtual Machines (VMs), and directs the VMs to visit the malicious URLs. Each VM will:

Have a unique combination of operating system (including service pack/patch level), browser, and end-user application.
Run only one version of any application, allowing BaitNet to decide if that application and operating system combination is vulnerable to the malicious website's exploit kits.

If a compromise is discovered, the entire VM session is packaged and sent to Replay, the second component of BaitNet. Replay's controller distributes the session across the BaitNet test harness consisting of VMs matching the configuration of the infected host. The idea behind BaitNet is to mimic the operation of a typical user when clicking a URL within a browser and then analyze the results.

"Note that CAWS will only raise an alert if a current exploit is capable of bypassing all of your security products," cautions the white paper. "Should one of your users fall prey to the attack, no evidence of it would appear in any of your logs."

In essence, CAWS is a safe way to decide whether all facets of a company's security platform are safe.

An additional feature is CAWS's ability to work out whether using multiple security applications together is of any benefit. "CAWS might indicate today that a next-generation firewall missed 20 exploits; an intrusion-protection system missed 15; and an endpoint protection platform missed 10," from the NSS Labs website. "However, because the three products are complementary in terms of coverage, the count of Relevant Threats (i.e., those threats that bypass all security products in the stack) is zero."

Also see

10 best antimalware products of 2014, according to AV-TEST
Researchers take a bite out of malware
Free ebook: Executive's guide to the next wave of security challenges
Security and Privacy: New Challenges (ZDNet/TechRepublic special feature)
Penetration Testing and Scanning Policy (Tech Pro Research)

Disclaimer: TechRepublic, ZDNet, and Tech Pro Research are CBS Interactive properties.

Automatically subscribe to our Information Security newsletter.

Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more
Miami Heat president Pat Riley rebuked comments Jimmy Butler made about the Boston Celtics and New York Knicks, while also implying that his star needs to play more.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series
Our NBA staff makes its picks for Knicks-Pacers and every second-round series.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Celebrity
Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.
Once named the “Most Likable Person in the World,” the actor is under fire in a new report, accused of showing up to work late on the film “Red One,” irritating the crew and causing the budget to balloon.
Yahoo Sports
Daryl Morey vows 'a lot of change' around Joel Embiid, Tyrese Maxey: Who will 76ers target this offseason?
The window for Philadelphia is now, and it's up to Morey this offseason to maximize it.
Autoblog
Edmunds bought a Fisker Ocean, warns others not to make the same mistake
Edmunds bought a Fisker Ocean and details the highs and lows of ownership while warning others not to make the same mistake.
Yahoo Sports
Victor Wembanyama wins NBA Rookie of the Year via unanimous vote after delivering on unprecedented hype
Victor Wembanyama did everything for the Spurs as a rookie.
Yahoo Sports
NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show
Every player was dressed to impress at the 2024 NFL Draft.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Cyber Advanced Warning System sounds the alarm on security threats

A fourth, and even more critical, question

Cyber Advanced Warning System

Also see

Automatically subscribe to our Information Security newsletter.

Recommended Stories

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

The FDIC change that leaves wealthy bank depositors with less protection

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

Social Security just passed Medicare as the government's most pressing insolvency risk

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.

Daryl Morey vows 'a lot of change' around Joel Embiid, Tyrese Maxey: Who will 76ers target this offseason?

Edmunds bought a Fisker Ocean, warns others not to make the same mistake

Victor Wembanyama wins NBA Rookie of the Year via unanimous vote after delivering on unprecedented hype

NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show