
THREAT MONITOR
Stopping malware in its tracks
Lenny Zeltser, Contributor 03.11.2008
This tip is part of SearchSecurity.com's Intrusion Defense School lesson The threat landscape for 2008: Protecting your organization against next-generation threats. Visit the lesson page or browse our Security School Course Catalog for more learning resources.
Malicious software helps attackers infiltrate network and system defenses, disrupt business operations, and funnel sensitive data out of corporate and personal computers. Unfortunately, there is no single-step fix for preventing, or even detecting, infections. Stopping malware requires an approach grounded in awareness and control.
Be attuned to the state of your network and systems
Malicious software, such as bots and spyware, often goes unnoticed for far too long. Well-crafted malware can avoid being detected by antivirus software and intrusion detection systems. The first line of defense against such a formidable foe is to become familiar with the normal state of your IT infrastructure, and monitor it to detect anomalies.
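One way to put the baseline-and-compare idea above into practice, as an added example that is not part of the original article: record which process listens on which port on each host while the environment is known to be in its normal state, then compare later snapshots against that record. The one-line-per-listener snapshot format, the host names and the process names are constructed for illustration.

```python
# Constructed sample snapshots: "host proto port process", one listener per line.
BASELINE = """\
# recorded while the environment was in its known-normal state
web01 tcp 22 sshd
web01 tcp 443 nginx
db01 tcp 22 sshd
db01 tcp 5432 postgres
"""
CURRENT = """\
web01 tcp 22 sshd
web01 tcp 443 nginx
web01 tcp 6667 svchost-update
db01 tcp 22 sshd
db01 tcp 5432 python3
"""

def parse_snapshot(text):
    """Return {(host, proto, port): process}, skipping blanks and # comments."""
    snap = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host, proto, port, process = line.split()
        snap[(host, proto.lower(), int(port))] = process
    return snap

def diff_snapshots(baseline, current):
    """Return (kind, (host, proto, port), detail) for every deviation."""
    findings = []
    # A listener that was never part of the normal state.
    for key in sorted(current.keys() - baseline.keys()):
        findings.append(("NEW_LISTENER", key, current[key]))
    # An expected service that has disappeared (stopped, crashed or disabled).
    for key in sorted(baseline.keys() - current.keys()):
        findings.append(("MISSING_LISTENER", key, baseline[key]))
    # Same port, different program behind it.
    for key in sorted(baseline.keys() & current.keys()):
        if baseline[key] != current[key]:
            findings.append(("PROCESS_CHANGED", key,
                             f"{baseline[key]} -> {current[key]}"))
    return findings

if __name__ == "__main__":
    result = diff_snapshots(parse_snapshot(BASELINE), parse_snapshot(CURRENT))
    for kind, (host, proto, port), detail in result:
        print(f"{kind:17} {host} {proto}/{port} {detail}")
```

A deviation is a prompt for investigation, not proof of infection; changes that turn out to be legitimate should be folded back into the baseline so the next comparison stays meaningful.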
Establishing and maintaining IT infrastructure awareness means committing to the following steps:
Trap malware with honeypots
Honeypots combine the best aspects of detective and preventative technologies in the fight against malware. Honeypots are systems specifically deployed to be compromised. While the development of commercial honeypots seems to have lost steam, there is a plethora of innovative and freely available honeypot technologies. When carefully deployed, they can strengthen an enterprise's defensive posture in several ways:
The most challenging aspect of using honeypots is deploying them in a manner that prevents an intruder from using them as a launching pad for attacks. If your organization chooses to experiment with honeypots, be sure to implement the safeguards outlined in each tool's documentation. For an overview of honeypots and deployment scenarios, see the book Virtual Honeypots by Niels Provos and Thorsten Holz.
Protect the endpoint from malware threats
Alas, despite information security's best efforts, malicious software may bypass network defenses and reach a system you're trying to protect. Personal computers are particularly vulnerable, because PCs are often used in unpredictable ways and places. Here are the techniques that can help lock down laptops and desktops:
A comprehensive security program is a must
As your organization considers its antimalware strategy, remember that there is no quick fix to this growing threat. Effective approaches incorporate detective and preventative controls that create multiple defensive layers. There are products, both commercial offerings and free tools, to help you along the way. These tools are only as effective as the overall security program that they are a part of.
About the author:
Lenny Zeltser is the New York security consulting leader at Savvis Inc. He is also a senior faculty member at SANS Institute, where he teaches a course on reverse-engineering malware.