Sunday, June 30, 2013

The SANS Top 20: Control 5, Malware Defense

Check this link:
http://www.sans.org/critical-security-controls/control.php?id=5

     Everyone knows they should have anti-virus software.  Well, I would hope most people do.  Anecdotes aside, why should people have malware defense?  Like anything else, I think a discussion of definitions needs to occur first.  Now hold on, this isn't going to be some boring list of words.  It's going to be an exciting one!  Malware is really just a catch-all term for any piece of malicious software: viruses, worms, spyware, Trojans, logic bombs, and ad-ware all fall under it.  Think of it as software that wants to hurt you and your PC.
   OK, now that we have defined it, what can we do to stop it?  Well, the short answer is... not much.  The people who create advanced malware work very hard at it.  They have access to the same current software and anti-virus products that defenders use, so they can test their malware against those products before releasing it.  In fact, they have kits built specifically to help them do this.  You can even lease time on cloud-based services designed to create and distribute sophisticated attacks: https://blog.damballa.com/archives/tag/cloud.  So if you are still reading, you may be thinking, "well, that's a lot of doom and gloom."  Hang in there.

   While sophisticated attacks do exist, many of the attacks actually being used are not sophisticated at all.  In fact, many of the attacks that occurred last year were unsophisticated, as this article discusses: http://blog.trendmicro.com/trendlabs-security-intelligence/how-sophisticated-are-targeted-malware-attacks/  For a far more detailed analysis, check the Verizon Data Breach Investigations Report.  So if the attacks are using known vulnerabilities, why can't we just fix them?  In some cases the vendor has not been able to re-work a difficult issue, so no fix is available.  In other cases the end users need the very functionality that is being exploited, so it cannot simply be turned off.  Or the flaw may not yet be publicly known, so nobody has written a patch for it.

   The answer to all of these concerns is malware defense.  In a corporate environment, have an automated anti-virus solution, monitor that solution, act on the reports it gives you, keep the system and its signatures updated, and, most importantly, educate users about it.  This type of protection can also be integrated into firewalls, and network monitoring tools can look for known malware and for bad behavior on the network.  Above all, have a plan.  What will you do if a system becomes compromised?  Who will you call, and where will a replacement PC come from?  More importantly, how will you rebuild a server, and how long will it take?  Will you invest in a cleanup and evidence preservation effort?  If you don't have the answers to all of these questions, you are like most people.  If you are looking for a place to start, read SANS Control 5.
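"Monitor the solution and act on its reports" is the part that usually gets skipped, so here is an added example of what that monitoring can look like in practice.  This code is not from the original post and is not from SANS; it is an illustration written for this page.  It assumes a hypothetical anti-virus console that exports one line per event in the form "timestamp host key=value ...", with a sigdate field giving the age of the host's definitions, and it uses constructed sample data and made-up thresholds (signature age, repeat-detection window) that you would tune for your own environment.  It flags the three things a malware-defense owner should act on: hosts whose definitions are stale, detections the agent could not quarantine, and hosts that keep getting re-detected (a sign the root cause was never removed).

```python
"""Triage an anti-virus console export and flag the conditions that need action.

Added example, not from the original post or from SANS. The export format
(one event per line: "timestamp host key=value ...") and the thresholds below
are assumptions made for this illustration; the sample data is constructed.
"""
from datetime import datetime, timedelta

MAX_SIGNATURE_AGE = timedelta(days=3)   # definitions older than this are stale
REPEAT_WINDOW = timedelta(days=7)       # repeated detections within this window...
REPEAT_THRESHOLD = 3                    # ...this many times suggests reinfection
REPORT_TIME = datetime(2013, 6, 30, 12, 0)  # "now" for the sample run below

# Constructed sample export from a hypothetical AV console.
SAMPLE_REPORT = """\
2013-06-28T09:12:00 ws-101 sigdate=2013-06-28 event=clean
2013-06-28T10:05:00 ws-102 sigdate=2013-06-12 event=clean
2013-06-28T11:40:00 ws-103 sigdate=2013-06-27 event=detect name=Trojan.Generic action=quarantined
2013-06-28T13:00:00 ws-103 sigdate=2013-06-27 event=detect name=Trojan.Generic action=quarantined
2013-06-29T08:30:00 ws-103 sigdate=2013-06-28 event=detect name=Trojan.Generic action=quarantined
2013-06-29T09:00:00 ws-104 sigdate=2013-06-29 event=detect name=Adware.Toolbar action=quarantine_failed
2013-06-30T07:45:00 ws-105 sigdate=2013-06-30 event=clean
"""


def parse_report(text):
    """Turn the line-oriented export into a list of dicts with parsed dates."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts), "host": host}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = value
        rec["sigdate"] = datetime.fromisoformat(rec["sigdate"])
        records.append(rec)
    return records


def stale_signatures(records, now):
    """Hosts whose most recent report shows definitions older than MAX_SIGNATURE_AGE."""
    latest = {}
    for rec in records:
        if rec["host"] not in latest or rec["ts"] > latest[rec["host"]]["ts"]:
            latest[rec["host"]] = rec
    return sorted(host for host, rec in latest.items()
                  if now - rec["sigdate"] > MAX_SIGNATURE_AGE)


def failed_quarantines(records):
    """Detections the agent could not contain; these need hands-on response."""
    return [(r["host"], r.get("name", "?")) for r in records
            if r["event"] == "detect" and r.get("action") != "quarantined"]


def repeat_detections(records):
    """Hosts detected REPEAT_THRESHOLD or more times inside REPEAT_WINDOW.

    The agent is cleaning symptoms while the cause (a dropper, a missed
    persistence mechanism) is still present; rebuild rather than re-clean.
    """
    by_host = {}
    for r in records:
        if r["event"] == "detect":
            by_host.setdefault(r["host"], []).append(r["ts"])
    flagged = []
    for host, times in by_host.items():
        times.sort()
        for i in range(len(times) - REPEAT_THRESHOLD + 1):
            if times[i + REPEAT_THRESHOLD - 1] - times[i] <= REPEAT_WINDOW:
                flagged.append(host)
                break
    return sorted(flagged)


def triage(text, now):
    """Run all three checks over an export and return the findings by category."""
    records = parse_report(text)
    return {
        "stale_signatures": stale_signatures(records, now),
        "failed_quarantines": failed_quarantines(records),
        "repeat_detections": repeat_detections(records),
    }


if __name__ == "__main__":
    for finding, hosts in triage(SAMPLE_REPORT, REPORT_TIME).items():
        print(f"{finding}: {hosts}")
```

On the constructed data this flags ws-102 for stale definitions, ws-104 for a quarantine that failed, and ws-103 for three detections of the same Trojan in under a day.  Each of those is a different action: push an update, send someone to the desk, and rebuild the machine, respectively.  The point is that the console already has this information; the control is only met when somebody, or something, reads it and acts.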

   The secret to malware defense is understanding the risk you face, putting proper protection in place, and having a recovery plan.
