Seriously, is anyone surprised?
I’m sure you’ve seen the news about Chinese infiltration at the New York Times:
According to the article:
Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant.
Signature-based protection alone hasn’t been enough to protect endpoints for years – see this post titled “Is antivirus obsolete?”. That’s why Gartner dropped its antivirus magic quadrant in 2006.
Further, as with other advanced attacks, application control (also referred to as whitelisting) solutions likely would have stopped this attack in its tracks – see this post from 2010.
Unfortunately, application control has a historical reputation of not being deployable or manageable for end-user systems. The reality is that application control can and will be successfully deployed for end-user systems and provides excellent protection from these types of attacks. I just published a research note for Gartner clients on this topic titled “How to Successfully Deploy Application Control” that provides specific guidance on adopting this approach.
Why aren’t you deploying this type of approach, at least for some segments of your user population?