What are some of the drawbacks and limitations of network-based malware detection? We're trying to determine the ROI of supplementing our client anti-malware software with network malware detection.
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
Just like everything else in security, you're trying to calculate the ROI for a product that's being used as insurance, and that isn't an easy task. The insurance in this case is network-based malware detection, an up-and-coming method of malware protection or, as we like to call it in the security industry, an additional layer of protection.
Network malware detection isn't brand new, but it's starting to get some press as of late. The ability to position a device at your perimeter or throughout your network potentially allows for greater coverage of your network and the data passing through it. This being said, there are architectural limits of certain devices. Some of these devices are inline, which can create latency on your network. It might not be much, but latency is latency, especially if you are already dealing with a bandwidth issue. Many files will be scanned multiple times if you're using other security systems like IPS, spam firewall, and the like.
Also, some network-based malware detection systems need a span port to monitor certain aspects of the network. The system must be positioned properly for the best view of your network and might require additional hardware for complete coverage. Lastly, there is no silver bullet when installing new products. Many of these systems combine their efforts by searching for malware, finding known outbreaks or attacks and updating their methods to defend against them.
This is a great layer to defend against malware, but like anything else it needs to be tuned and managed. Since the system sees everything on the network, there could be quite a few false positives, and it could hold back data if not configured properly or monitored. Don't for a minute think you can put in a system and forget about it.
One way to help determine the ROI for this project is to consider the ineffectiveness of current methods of malware protection. Trends and data show that endpoint malware protection hovers around 50 to 60% effectiveness (on a good day) and is almost useless against zero-day threats. As for an ROI on the system itself, I would show the current price of the product with the added benefit you'll receive, plus any older legacy systems that it could replace.