Thursday, 12 May 2016

Malware prevention - ’10 Steps to Cyber Security’

The scale of malware is enormous. Approximately 250,000 new malware sites are brought online every day. While the majority of these are only alive for around 24 hours, they can cause enormous damage.

This is particularly true when malicious sites are combined with different attack methods such as phishing or pharming or even search engine manipulation.

Wreaking havoc

All it takes is for malicious malware to end up in your network is an employee to fall for a phishing email, clicking on a poison link and then being redirected to a website where a Trojan is implanted into the network.

The CESG’s 10 Steps to Cyber Security outlines the potential in a rather prosaic manner: “Malware infections can result in the disruption of business services, the unauthorised export of sensitive information, material financial loss and legal or regulatory sanctions.”

Blackmail

Malware can lead to blackmail, the deletion of entire databases, key loggers that record every finger tap across a keyboard, backdoors that are used to implant malware, rootkits that provide full access to a system and passwords stealers.

As malware has been around for such a long time, everyone is familiar not only with the damage it can cause, but also its ubiquity. As a result, there is widespread understanding that it needs to be guarded against which is positive.

The most effective way of doing this is via robust and rigorous antivirus at the firewall. Antivirus needs to dovetail with other defence methods such as real-time threat detection and forms of detection that don’t just rely on detecting virus signatures. This is because host and client machines also need protecting.

Zero day threats

While signature detection is important to block the hundreds and thousands of malware variants that swarm the Internet, it’s not enough to detect newly- released malware, so called zero-day threats.  As more Internet traffic becomes encrypted via the HTTPS protocol, the need for layered malware protection becomes more acute.

It’s possible to use technology that not only sends an alert that an unknown file has entered your network, but also informs you whether it reached a computer, if it executed, what it did, when it ran, if it spread or deleted itself and so on. If the file is malicious, you can automatically stop it from executing. This enables you to rapidly prioritise alerts, investigate events, and remediate incidents.

Wide ranging defence

This holistic layered approach recognises that malware infections are, not only, too common, but the enterprise needs protecting across the range of its systems. From the perimeter firewall to endpoint devices, protection is needed at every stage.

No comments:

Post a comment