Malware Prevention Is the Best Medicine
Malware is becoming increasingly more uproot with every coming month. Governments are now using cyber warfare against their enemies and allowing their technology to leak across the continents. Hackers are making money, not only by breaking into secure systems, but by openly selling their code on the Internet, so any junior hacker can get a piece of the pie.
Every IT professional knows their network cannot stop all the viruses that come through their systems by relying on mere antivirus software. It takes a multi-layered defense involving multiple technologies to stop the infiltrator.
When hackers writes their code, they have the luxury of knowing what that code will perform. They choose an operating system, delivery method, activation time, activity (e.g., spamming, stealing personal information, making computers not work properly), and hundreds of other variables. This makes it hard for antivirus companies, because hackers are learning to disguise their code as part of the operating system or by piggy-backing data packets.
The report, Rooting out Sophisticated Malware, published by InformationWeek and Dark Reading states, "A new category of products has emerged to help deal with unidentified malware. Network-based virus-detection systems and sandboxes go beyond the traditional signature-based and limited heuristics capabilities offered by antivirus vendors. These systems can run suspicious files through virtual machines and monitor for malicious behavior [...] [to] prevent malicious files from ever making it into the target network."
The idea is to stop the malicious content from ever getting to the desktop. If the code reaches its destination, it will propagate and spread across the network. A normal defense may consist of the standard firewall, email security gateways, some kind of analysis platform to determine possible infected packets, a secure web gateway, and of course, antivirus software on the desktop.
This is a good wall of defense, but the more traffic the network supports, the slower it will run. It has to take the time to process every packet of data to verify there is no piggy-backing on HTTP or encrypted HTTPS traffic.
This is where the cloud's resources can come in handy. The cloud has virtually unlimited resources. Adding cloud-based antivirus scanning to your defense model will aid in faster delivery times of traffic. Faster and more secure retrieval times mean more production and a peace of mind about your network.
There is no sure way to stop all forms of malware from getting to your network, but there is something IT has to its advantage: Hackers are generally greedy and sometimes impatient. The majority of viruses and worms are persistent. When they get into the network, they will not stop pounding til they reach their goal. This makes such activitiy a bit easier to catch. The Flame and Stuxnet viruses were built for the long run to gather information, but this takes time, and most hackers want results immediately.
Midsize businesses should re-evaluate their current network topology and upgrade it as needed. IT professionals need to evaluate the best defense-to-speed ratio for their network. Look into the possibility of using cloud antivirus software as an added security, and keep up to date on virus activity.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.