Expand Your Anti-Malware Arsenal

Written by Dan Kaplan | Sep 24, 2014


We've talked quite a bit this year on the blog about malware. And for good reason: Malware plays a significant role in many of the massive data breaches that are making regular headlines. Malware can be used for any number of damaging functions, including establishing an initial foothold within an organization or capturing sensitive information and sending it back to an attacker-owned server.

Thus, it's no surprise that targeted malware was the threat IT professionals felt the most pressure to protect against, according to our 2014 Security Pressures Report. Often, the malware used in these attacks is custom designed to evade traditional detection. Legacy, signature-based methods simply don't have the intelligence to stand up to today's more sophisticated attacks. As such, IT and security professionals must consider anti-malware services and technology that use a behavioral and conditions-based approach and are designed to identify malware - including zero-day attacks and blended and advanced persistent threats - in real time.

But that's not all practitioners need. Detecting and deflecting malware is the most important piece of the puzzle, but there are other critical components. In a targeted operation, where the goal of adversaries is to remain unidentified for as long as possible so they can siphon out as much confidential information as possible, defenders must consider other technological tactics (delivered either on-premises or as a managed service) that can both prevent a compromise and signal that a breach is underway.

Here are six additional technologies and services that organizations should consider after they've deployed effective anti-malware protection:

1. Network Access Control: This vets unmanaged devices attempting to connect to the network and, as a result, helps keep a contaminated endpoint from spreading malware.

2. Security Testing: Also known as ethical hacking, this exercise evaluates an application's and network's ability to withstand attack, allowing you to identify potential vulnerabilities that could enable malware to enter and propagate once inside an environment.

3. Web Application Firewall: Malware often enters through the email channel via a phishing link or attachment, but attackers also fancy the web application layer to launch malware attacks via SQL injection and cross-site scripting. WAFs provide the shield to help close off this layer as a viable vector.

4. SIEM: This threat management technology comes in handy when hackers are already in the midst of their attack, particularly at the stage when they are either conducting reconnaissance or trying to move laterally within a network toward higher-value targets. During these phases, attackers often attempt to elevate their access and privileges - and typically use tools to steal weak credentials and access critical systems. SIEM increases network visibility and monitoring, and enables an organization to collect, analyze and correlate events that may signal unusual activity.

5. Database Scanning: The goal of most hackers is to ultimately land on the repository that houses an organization's crown jewels: the database. That's why it's imperative to scan that database to uncover weaknesses like missing patches, configuration errors and easily crackable passwords.

6. Data Loss Prevention: If all of these efforts have failed and the infiltrators have used malware to get their hands on what they are after, data loss prevention can help identify and halt sensitive information from going out the back door.
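To make the SIEM item concrete, here is an added example (not Trustwave code, and not tied to any particular SIEM product) of the kind of correlation such a system performs over collected authentication events. The log format, field names, thresholds and the sample events are all constructed for this illustration. Two rules are applied: repeated logon failures for one account followed by a success (credential guessing), and one account authenticating to several distinct hosts inside a short window (lateral movement).

```python
"""Toy SIEM-style correlation over constructed authentication events.

Rules (thresholds are assumptions chosen for the example):
  R1  credential guessing: at least FAIL_THRESHOLD failed logons for one
      account, then a success, all within WINDOW
  R2  lateral movement: one account succeeds on at least HOST_THRESHOLD
      distinct hosts within WINDOW
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
FAIL_THRESHOLD = 5
HOST_THRESHOLD = 3

# Constructed sample events, one per line: "<ISO timestamp> <host> <user> <outcome>".
# The format is an assumption; a real deployment would normalise vendor logs first.
SAMPLE_LOG = """\
2014-09-24T10:00:01 fileserver01 jdoe FAIL
2014-09-24T10:00:05 fileserver01 jdoe FAIL
2014-09-24T10:00:09 fileserver01 jdoe FAIL
2014-09-24T10:00:14 fileserver01 jdoe FAIL
2014-09-24T10:00:20 fileserver01 jdoe FAIL
2014-09-24T10:00:31 fileserver01 jdoe SUCCESS
2014-09-24T10:02:00 hr-db01 jdoe SUCCESS
2014-09-24T10:03:15 finance-app jdoe SUCCESS
2014-09-24T10:30:00 wkstn-17 asmith SUCCESS
2014-09-24T11:45:00 wkstn-17 asmith FAIL
2014-09-24T11:45:30 wkstn-17 asmith SUCCESS
"""


def parse_event(line):
    """Turn one log line into a dict with a real timestamp."""
    ts, host, user, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "ok": outcome == "SUCCESS"}


def _evict(queue, now, key=lambda item: item):
    """Drop queued items older than WINDOW relative to the current event."""
    while queue and now - key(queue[0]) > WINDOW:
        queue.popleft()


def correlate(lines):
    """Run R1 and R2 over events in time order; return the alerts raised."""
    alerts = []
    fails = defaultdict(deque)   # user -> timestamps of recent failed logons
    hosts = defaultdict(deque)   # user -> (timestamp, host) of recent successes
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        ts, user = ev["ts"], ev["user"]
        _evict(fails[user], ts)
        _evict(hosts[user], ts, key=lambda item: item[0])

        if not ev["ok"]:
            fails[user].append(ts)
            continue

        # R1: a success that follows a burst of failures for the same account
        if len(fails[user]) >= FAIL_THRESHOLD:
            alerts.append({"rule": "R1", "user": user, "host": ev["host"],
                           "ts": ts, "failures": len(fails[user])})
        fails[user].clear()  # suppress: one alert per burst

        # R2: the same account fanning out to many hosts in a short time
        hosts[user].append((ts, ev["host"]))
        distinct = sorted({h for _, h in hosts[user]})
        if len(distinct) >= HOST_THRESHOLD:
            alerts.append({"rule": "R2", "user": user,
                           "hosts": distinct, "ts": ts})
            hosts[user].clear()  # suppress: one alert per fan-out
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, the account `jdoe` trips R1 (five failures then a success on `fileserver01`) and then R2 (three distinct hosts within ten minutes), while `asmith`'s single failure and later success stay below both thresholds. The sliding-window eviction is what keeps the rules from firing on activity spread over a whole day; a production SIEM would add asset context (is `hr-db01` a critical system?) and de-duplicate across sources, but the collect-correlate-alert loop is the same.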

Preparing for and detecting malware, especially when it arrives in a targeted manner, is an enduring challenge for organizations of all sizes. But by building an anti-malware approach around a web security gateway and complementing it with defense-in-depth technologies such as the ones mentioned above, organizations can better protect themselves.

Perhaps that means you will be able to flush the bad guys out - or they will leave themselves, deciding that your business is simply not worth the financial and time-intensive effort to attack.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.