If you're confident the antivirus software you set up recently can protect your IT infrastructure from malware, these quick facts on the state of malware might change your mind:
- Panda Security reported there were around 230,000 new malware samples produced daily in 2015. Tellingly, more than a quarter of all malware samples ever recorded in history were produced last year.
- Jonathan Dale, IBM's Director of Marketing, warned organizations in his Security Intelligence article that 2016 could be "the year" of mobile malware.
- While OS X is supposedly more immune to malware, Carbon Black's Threat Research team found out otherwise—it turns out that 2015 was the most prolific year of successful OS X malware attacks in history.
In addition, a shift in the ultimate motive of malware authors has led to malware becoming more difficult to detect and remove. In the past, malware’s sole purpose was to gain author notoriety. These days, malware is often used for financial gain.
Take Botnets, for instance. Billions have been lost to Botnets through bank fraud, identity theft, phishing, spam, and DDoS attacks.
As cybercrime activity rose in frequency and sophistication last year, relying on a patchwork plan against malware exposes your IT infrastructure to all manners of attacks. More importantly, organizations should safeguard each endpoint in their network through multiple layers of detection and remediation to ensure every asset is secure and malware-free.
Secure Your IT Network With This 3-Step Plan Against Malware
Keeping your IT network secure typically requires a significant amount of resources—from building a team of information security specialists to figuring out the right solutions that are the best fit for your organization's needs.
To help you speed things up, below is a 3-step plan you can implement ASAP to stay ahead of malware.
Step 1: Strategize
Start by viewing the big picture of the entire malware threat landscape in your network. Review previous infection vectors and identify potential entry points. These often include but are not limited to the following:
- Social engineering tactics
- Removable media such as USB keys
- Weak passwords of accounts within the network
- Social media phishing and email links
- Vulnerabilities in client-side software (e.g. workstations)
- Susceptibilities in network-accessible software (e.g. servers)
Once you’ve identified these possible entry points and completed a vulnerability assessment, take the following steps:
- Catalog these vectors on your list from more likely to least likely to cause damage to your network.
- Create a separate list and write down the possible technologies and measures you can employ to prevent malware proliferation from each vector.
- Consider the possible activities malware can do once it infects your infrastructure. Downloading sensitive customer information is a good example. Afterward, list the measures you can take to keep potential malware from doing these activities across the infrastructure, including your servers and internal network devices.
- Once potential entry points and possible scenarios have been identified, sort potential target assets based on the sensitivity or any relevant category.
- Design your anti-malware strategy based on the aforementioned information you’ve gathered and sorted out. Keep in mind you should define your infrastructure’s perimeters beforehand and devise a strategy that considers every possible scenario.
Step 2: Secure
Once you have a blueprint on how your IT infrastructure can resist malware, your next step is to apply a robust set of commands and restraints to defy malware. These include but are not limited to the following:
- Build a firewall.
- Tighten mail security.
- Restrict user accounts.
- Employ SSL (Secure Socket Layer).
- Enforce a strict no P2P (Peer-to-Peer) policy.
- Develop and maintain a robust signature set.
- Review existing applications and whitelist applications.
- Do not ignore software update prompts. Keep up with security patching.
- Limit permissions in networked drives to read-only instead of read-write.
- Build a solid web security gateway to stop malware from infiltrating servers and workstations.
- Educate employees on what they can do to thwart an attack such as responsible web browsing, keeping browsers up to date, avoiding suspicious downloads, etc.
Step 3. Detect
Gone are the days of spotting malware by installing simple antivirus software and signature-based detection. Malware authors are clever enough to design malware that can penetrate networks and avoid standard detection.
Unlike anti-virus programs or statistical anomaly detection that require constant human intervention, CimTrak is more effective at detecting new zero-day threats, unexpected system changes, and remediating risks to individual systems. CimTrak protects files on the system and has the capability to instantly restore files to their authoritative state.
After initially telling CimTrak which files to monitor, CimTrak requires no further user input to effectively mitigate changes to a monitored file. By and large, CimTrak does not use virus or malware signatures or rely on detecting anomalies.
Alternatively, you can also include the following detection methods:
- Setting up a honeypot. Honeypot systems are configured to deliberately attract malware and other forms of infection.
- Behavioral profiling or monitoring the actions of a program to figure out if it's malicious or not. This is in contrast to signature-based detection which tracks what the malware "says" rather than what it does.
- Blacklisting. This is useful if your honeypot has already captured a sample of the malicious program.
- Identifying patterns in DNS traffic.
File Integrity Monitoring For Added Layer of Defense Against Malware
No single anti-virus or anti-malware product can protect your IT infrastructure. You need a FIM software like CimTrak to complement these preventive tools. It seamlessly works with anti-virus or other malware-preventing technologies by acting as the last line of defense. In today's environment, where the risk due to advanced persistent threats and zero-day attacks are at an all-time high, having a next-generation FIM tool, such as CimTrak, is more important than ever.
How? CimTrak can detect changes caused by unidentified malware which could potentially bypass your other network defenses. It has the ability to stop changes that anti-malware programs can't, such as zero-day attacks, the intentional introduction of malicious code by an insider, or an accidental error.
To learn more about protecting your IT infrastructure with powerful FIM tools like CimTrak, get a free demo today!
November 8, 2016