Malware Defense: Up Your Game!

By: Darin Barton CISSP, CISA, ITILv3

In 2016, organizations can no longer hope to successfully quarantine and clean infected systems on a regular basis. Today, our strongest recommendation is to DETECT, ISOLATE and RE-IMAGE; but this is easier said than done without the proper strategy in place.

One of the most challenging obstacles for IT is to both identify and block malware as it crosses the network threshold. Malware can enter a host system through several attack vectors, such as:

Web Sites
File Sharing Applications and Drop Boxes
Email
Removable disks and IoT (Internet of Things) Devices

which have become increasingly difficult to manage.

We’ve all heard the adage “a layered security approach is your best defense”. Layering security increases the odds of defending your organization; but you must layer your security with the proper tools. Your gateway web content security solution (UTM firewall or best of breed solution) will play an important part in this but it can not be completely relied upon. When applying this philosophy to malware prevention there are several specialized solutions that can dramatically increase your malware detection levels, and most importantly, isolate infected devices from the network before they become a major headache for your business.

Threat Management Systems, or “sandboxing”, has the ability to explode malware within it’s emulation systems, allowing for an increased chance to identify and block malicious traffic; but this on it’s own is not enough. There must also be an ability to identify the endpoints that are triggering the traffic, automatically isolate them from the network and alert the security admins team. To this end you will need tight integration between the sandboxing solution and the endpoints through a managed interface.

Once you have isolated the endpoints from the network, the task of cleaning the systems should be quick and efficient. We have found that trying to quarantine and clean systems is very difficult regardless of the tools you have available. Especially when your MBRs (Master Boot Records) are compromised. The best method is to completely re-image your systems, thus, modifying the expression; Detect Isolate Recover to Detect Isolate Re-Image. This requires some forethought and a strategy to ensure endpoint data is not lost. In the long run it will save you a lot of time, effort, money and headaches.

There are several manufacturer solutions that fully support the detection and isolation strategy:

Trend Micro: Deep Discovery Sandbox, Deep Security for Virtualized Systems, OfficeScan for Endpoints with Control Manager to tie it together. Perfect for organizations already utilizing Trend.
Cisco Systems: FireAMP for Endpoints is an excellent solution to continuously detect, track, analyze, control, and block advanced malware outbreaks across endpoints.
Fortinet Networks: FortiManager, FortiAnalyzer, FortiGate Firewalls, FortiSandbox and FortiClient are a holistic solution which ties all of your key security assets into a strong mitigation play.

Good luck in your battle against malware.

:Darin Barton CISSP, CISA is a senior security professional in Toronto Canada, with 20+ years experience in cybersecurity and investigations and currently employed with Access 2 Networks Inc. (A2N).

Testimonials

"Outstanding support... Unmatched technical expertise. Unbiased opinion. The level of service from A2N post-sales is unparalleled in the industry."

Jamil El Ghazal, Manager, Multiview Corporation

"Thank you for always going above and beyond. Your managed cybersecurity services are exceptional and you constantly demonstrate your dedication to customer service."

Brad Waller, IT Manager, Commonwell Mutual Insurance

“Special thanks to you and your team for the quick turnaround. This is why I keep coming back!”

Byron Bricker, IT Manager, Konrad Group

“…we were really impressed with their service and capability. Most importantly, they share their knowledge. I would recommend them to anyone.”

Guy Parisien, Network Administrator, Canada Council for the Arts

“A2N is one of those companies that just knows how to do things right. They were the best partner choice I ever made. Highly recommended!”

Steven Waters, VP IT, Cannex Financial Exchange

“The team at A2N have helped us out time after time from consulting to fixing. They can always be counted on for their support and they deliver amazing results. These guys, simply, are incredible! “

Chris Stapells, IT Manager, RPM Technologies

"As a major health care provider, we needed a key partner in helping us identify and design a comprehensive solution. Our continued working relationship and aftersales support has been exemplary. I would highly recommended A2N"

Christopher Broadbent, IT Department, Ungava Tulattavik Health Center

A2N – IT Matters-Secure IT

BLOG