Barron Rosborough, 7/11/18 11:04 AM

Reactive Malware Defense Technologies

Defending against malware has focused on reactive technologies: intrusion detection, content filtering, detecting and blocking malware, etc. It is time to get proactive.

There is an ongoing argument as to how effective those reactive technologies are. There is no argument about the fact that most of these solutions require very competent operators: without a good administrator, an intrusion detection solution is meaningless.

This discussion is not about how good malware attack detection and blocking solutions really are (there are some excellent products out there), but about the fact that they are all reactive. They must do a perfect job and block 100% of the attacks, or the web site will be infected. With the number of attacks conducted today, defensive perfection is a difficult task.

The number of different attack signatures currently in use recently doubled from 600K to over 1,600K - in just one year. This follows a multiyear, exponential rate of attack signature growth that is swamping the reactive solutions and their ability to find each signature and include it in their databases.

The Malware Attack

Malware attacks are almost entirely an automated activity. The days when a lone hacker decided to attack a single site are over. The goal is to use search-and-destroy programs to find thousands of vulnerable computers on which malware can then be installed. The goal? Build a botnet: a large network of computers that is ready to do the bidding of the controller.

The goal of a botnet operator is to quickly get as many compromised machines as possible, and they care very little about who the victims are. This means the 'low-hanging fruit' - the machines that are easiest to attack - will be compromised, and the sites and servers that are even slightly harder to crack are skipped.

Focus: Proactive Malware Defense Solutions

In the real-world context of automated attacks, an excellent protection strategy consists of making your site and network less vulnerable than others. By identifying and eliminating your underlying vulnerabilities, instead of attempting to detect and block 100% of the attacks against them, you make your network harder to attack than the hundreds of thousands of others that have left their vulnerabilities in place.

By addressing this relatively small set of vulnerability issues, you can easily cause the attacker (typically an automated 'bot') to move to their next target in the target list rather than trying harder to penetrate you. This avoids the need to play Russian roulette by trying to identify and block every attack signature before it can carry malware into your machine and disable your defense perimeter.

Making machines less vulnerable is not difficult. Botnets use relatively few known vulnerabilities to attack (more on that later), and those vulnerabilities can be checked for and plugged relatively easily by finding and installing a missing patch, changing a vulnerable configuration, tightening up web applications, etc. A bot trying to attack a network with no known high- or medium-risk vulnerabilities will be unsuccessful and will swiftly move on to the next target. From your point of view (protecting the organization you are responsible for), the task is accomplished.

How Proactive Does Malware Defense Need To Be?

Vulnerability Assessment and Management has been a major pillar of network security in enterprise Class A networks for many years. Within just the last couple of years, medium and even small businesses have been discovering the common sense of fixing their relatively few vulnerabilities rather than erecting more and more defenses to keep those vulnerabilities from being attacked.

Vulnerability Assessment tools, like beSECURE, scan every node on a network on a frequent, regular basis. Doing a penetration test, or having a security consultant scan your network once a year, every 6 months or even every 3 months, doesn't cut it. Scans must be done regularly: on a weekly, or at the very least monthly, basis. The reason is obvious - Microsoft alone discloses a boatload of vulnerabilities every month (on "Patch Tuesday"), every one of which can affect your organization and open a potential security risk. On top of that, networks are dynamic: someone changing the firewall configuration can accidentally create an opening for an attacker.

We strongly believe that periodic vulnerability scans, coupled with even basic malware detection and blocking, will be enough to prevent an organization from being compromised and becoming a part of a botnet - not because either method of defense alone leads to absolute protection, but because they harden the organization enough for the botnet operator to simply give up and move on to their next, weaker, target.
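The policy described in the two sections above (scan weekly, monthly at the very least, and close every known high- or medium-risk vulnerability by patch or configuration change) is easy to turn into a small triage routine. The following is an added example, not beSECURE code or output; the host names and vulnerability ids are constructed placeholders, and the severity labels and the 7-day / 30-day thresholds are this example's own assumptions drawn from the text.

```python
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str        # placeholder id; a real scanner reports a CVE number here
    severity: str       # "high", "medium" or "low"
    patch_available: bool


# Constructed sample scan findings, for illustration only.
FINDINGS = [
    Finding("web-01", "CVE-EXAMPLE-0001", "high", True),
    Finding("web-01", "CVE-EXAMPLE-0002", "low", True),
    Finding("mail-01", "CVE-EXAMPLE-0003", "medium", False),
    Finding("db-01", "CVE-EXAMPLE-0004", "low", True),
]


def scan_cadence(last_scan: date, today: date) -> str:
    """Weekly scans are the goal, monthly the floor; anything older is stale."""
    age = (today - last_scan).days
    if age <= 7:
        return "ok"
    if age <= 30:
        return "warning"
    return "stale"


def low_hanging_fruit(findings):
    """Hosts with at least one high or medium known vulnerability: the ones an
    automated bot working through a target list will compromise first."""
    return sorted({f.host for f in findings if f.severity in ("high", "medium")})


def remediation_plan(findings):
    """Order high/medium findings worst first and state what closes each one."""
    actionable = [f for f in findings if f.severity in ("high", "medium")]
    actionable.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.host, f.vuln_id))
    plan = []
    for f in actionable:
        # A missing patch is the easy case; otherwise a configuration change or
        # other mitigation has to remove the exposure until a patch exists.
        action = "install missing patch" if f.patch_available \
            else "no patch yet: change configuration or mitigate"
        plan.append((f.host, f.vuln_id, f.severity, action))
    return plan
```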

Malware, Botnets and Known vs. Unknown Vulnerabilities

A quick note about known vs. unknown vulnerabilities. While it is true that some malware attacks utilize "zero-day" vulnerabilities (vulnerabilities that have only just been discovered, referred to as 'unknown vulnerabilities'), these attacks are a tiny minority. The reason is that 'zero-day', unknown vulnerabilities are hard to discover and are thus expensive and relatively few in number.

Computers that have been infected (zombies) are so numerous that their open-market value is currently 4 cents (US). If I have information on how to compromise a network that nobody else knows about, would I waste it adding zombies to my botnet? No - I would sell it on the open market (where I can fetch $10,000-$100,000 easily for this information) or use it to compromise a lucrative target such as a bank, a sensitive government network, or a similar high-value target. The fact of the matter is that close to 100% of the successful malware and botnet-related attacks use known vulnerabilities.

Proactive vs. Reactive Malware Defense ROI

In summary, while it is 'sexy' to talk about reactively detecting and blocking attacks, it is impractical and often impossible to do without expensive technical expertise. It is much cheaper and more effective to be proactive: run periodic vulnerability scans to detect the relatively easy-to-find known vulnerabilities that are used to break into the network, and plug those holes before they are used by attackers.

Find out more about how beSECURE, the Automated Vulnerability Detection System, can protect against malware. Use the form on this page, email or call us.
