To add to the growing list of infosec acronyms, I recently read about the threat posed by advanced volatile threats...
(AVTs). Can you explain what is meant by the term AVT and how enterprises can prepare for such threats?
Advanced volatile threat (AVT) is one of the newest fad terms used for marketing security tools and helping companies make their products seem new, fresh and ready to stop up-and-coming attacks.
Ask the Expert
Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
Simply put, AVTs are attacks that are only resident in memory and are not written to disk. Memory-based malware is inherently more difficult to detect than other malware; it cannot be identified solely by monitoring the file system. Fortunately, there are many ways to initially detect something that needs to be examined on a system, which will make memory-based malware detection easier. The Windows Incident Response Blog has articles on how to perform memory forensics and malware analysis that could be used to detect an advanced volatile threat.
Once a suspicious network flow or account activity is discovered, an investigation can be done to identify what caused the suspicious activity. Additionally, monitoring for suspicious network connections can be done without access to the compromised system. An enterprise should prepare for an AVT by closely monitoring its systems using anomaly detection techniques and securing its endpoints.
Memory-based malware attacks date back to 2002 if not earlier, and antimalware tools have been addressing the threat of memory-resident malware ever since. So, while the threat is not necessarily new per se, it is still quite volatile because once a system is rebooted, any malware resident only in memory will disappear and requires reinfection of the system to gain access again. Yet reinfection can be easily accomplished if an infected system on the local network has not yet rebooted.
Related Q&A from Nick Lewis, Enterprise Threats
Chameleon malware targets insecure wireless access points. Enterprise threats expert Nick Lewis explains how to defend against the malware.continue reading
The Zeus malware is threatening RTF security by embedding itself in the file, which is commonly seen as safer than other file formats such as PDFs. ...continue reading
Enterprise threats expert Nick Lewis explains how to detect and avoid one of the most advanced malware threats: The Mask.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.