  • Barron Rosborough, 7/11/18 11:04 AM

    Reactive Malware Defense Technologies

    Defending against malware has focused on reactive technologies: intrusion detection, content filtering, detecting and blocking malware, and so on. It is time to get proactive.

    There is an ongoing argument about how effective those reactive technologies are. There is no argument about the fact that most of these solutions require very competent operators: without a good administrator, an intrusion detection solution is meaningless.

    This discussion is not about how good malware detection and blocking solutions really are; there are some excellent products out there. The point is that they are all reactive: they must do a perfect job and block 100% of the attacks, or the web site will be infected. With the volume of attacks conducted today, defensive perfection is a difficult task.

    The number of distinct attack signatures in use recently more than doubled, from 600K to over 1,600K, in just one year. This continues a multi-year, exponential rate of signature growth that is swamping the reactive solutions and their ability to find each signature and include it in their databases.

    The Malware Attack

    Malware attacks are almost entirely automated. The days when a lone hacker decided to attack a single site are over. Attackers use search-and-destroy programs to find thousands of vulnerable computers on which malware can then be installed. The goal? To build a botnet: a large network of computers ready to do the bidding of its controller.

    The botnet operator wants as many compromised machines as possible, as quickly as possible, and cares very little about who the victims are. This means the 'low hanging fruit', the machines that are easiest to attack, get compromised, while the sites and servers that are even slightly harder to crack are skipped.

    Focus: Proactive Malware Defense Solutions

    In the real-world context of automated attacks, an excellent protection strategy is to make your site and network less vulnerable than others. By identifying and eliminating your underlying vulnerabilities, instead of attempting to detect and block 100% of the attacks against them, you make your network harder to attack than the hundreds of thousands of others that have left their vulnerabilities in place.

    By addressing this relatively small set of vulnerabilities, you can easily cause the attacker (typically an automated 'bot') to move on to the next entry in its target list rather than trying harder to penetrate you. This avoids having to play Russian roulette by trying to identify and block every attack signature before it can carry malware onto your machine and disable your defensive perimeter.

    Making machines less vulnerable is not difficult. Botnets attack through relatively few, known vulnerabilities (more on that later), and those vulnerabilities can be checked for and plugged fairly easily: finding and installing a missing patch, changing a vulnerable configuration, tightening up web applications, and so on. A bot attacking a network with no known high- or medium-risk vulnerabilities will be unsuccessful and will swiftly move on to the next target. From your point of view (protecting the organization you are responsible for), the task is accomplished.

    How Proactive Does Malware Defense Need To Be?

    Vulnerability assessment and management has been a major pillar of network security in large enterprise networks for many years. Within just the last couple of years, medium and even small businesses have been discovering the common sense of fixing their relatively few vulnerabilities rather than erecting more and more defenses to keep them from being attacked.

    Vulnerability assessment tools, like beSECURE, scan every node on a network on a frequent, regular basis. A penetration test, or a security consultant scanning your network once a year, every 6 months or even every 3 months, doesn't cut it. Scans must be done regularly, weekly or at the very least monthly. The reason is obvious: Microsoft alone discloses dozens of vulnerabilities every month (on "Patch Tuesday"), any one of which may affect your organization and open a security risk. On top of that, networks are dynamic: someone changing the firewall configuration can accidentally create an opening for an attacker.

    We strongly believe that periodic vulnerability scans, coupled with even basic malware detection and blocking, are enough to prevent an organization from being compromised and becoming part of a botnet. This is not because either method of defense alone gives absolute protection, but because together they harden the organization enough for the botnet operator to simply give up and move on to the next, weaker target.
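    To make the weekly-scan workflow described above concrete, here is an added example; it is not code from the original post and not beSECURE's own output format. It assumes a simplified finding record (host, port, service, id, cvss, fix) and uses constructed findings with hypothetical host names and finding ids. Severity comes from the CVSS v3 qualitative bands (4.0 to 6.9 medium, 7.0 to 8.9 high, 9.0 and up critical), and only medium or higher findings count as "actionable", matching the point above that a bot needs a known high- or medium-risk vulnerability to get in. It diffs two consecutive scans so that a newly disclosed patch, a firewall change that exposed a service, and a confirmed fix all show up separately, and it produces a per-host remediation list that names whether the fix is a patch or a configuration change.

```python
"""Triage and week-over-week diff of vulnerability-scan findings.

Added example, not part of the original post and not beSECURE's own
output: the record schema (host, port, service, id, cvss, fix) is a
simplified assumption, and the findings below are constructed, with
hypothetical host names and finding ids.
"""
from collections import defaultdict

# CVSS v3.x qualitative rating bands: 4.0-6.9 medium, 7.0-8.9 high, 9.0-10.0 critical.
BANDS = ["info", "low", "medium", "high", "critical"]


def severity(cvss):
    """Map a CVSS v3 base score to its qualitative band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "info"


def actionable(findings, floor="medium"):
    """Known issues an automated bot would actually use: those at or above `floor`.

    Returns a set of (host, port, id) keys so that two scans can be compared.
    """
    threshold = BANDS.index(floor)
    return {
        (f["host"], f["port"], f["id"])
        for f in findings
        if BANDS.index(severity(f["cvss"])) >= threshold
    }


def bot_would_move_on(findings, floor="medium"):
    """True when nothing at or above `floor` is left for an automated attacker."""
    return not actionable(findings, floor)


def diff_scans(previous, current, floor="medium"):
    """Compare two periodic scans: what opened up, what was plugged, what is still there."""
    before, after = actionable(previous, floor), actionable(current, floor)
    return {
        "new": sorted(after - before),         # new disclosure or configuration drift
        "fixed": sorted(before - after),       # remediation confirmed by the next scan
        "persisting": sorted(before & after),  # still open since the last scan
    }


def remediation_plan(findings, floor="medium"):
    """Per-host to-do list, highest CVSS first, naming the fix type (patch or config)."""
    plan = defaultdict(list)
    threshold = BANDS.index(floor)
    for f in sorted(findings, key=lambda f: -f["cvss"]):
        band = severity(f["cvss"])
        if BANDS.index(band) >= threshold:
            plan[f["host"]].append(
                f"{band} {f['id']} on {f['service']}/{f['port']}: {f['fix']}"
            )
    return dict(plan)


# Constructed snapshot from last week's scan (hypothetical hosts and finding ids).
LAST_WEEK = [
    {"host": "web-01", "port": 443, "service": "https", "id": "tls-weak-ciphers",
     "cvss": 5.3, "fix": "config: disable legacy cipher suites"},
    {"host": "file-01", "port": 445, "service": "smb", "id": "smb-remote-code-exec",
     "cvss": 8.1, "fix": "patch: install the vendor update"},
    {"host": "file-01", "port": 139, "service": "netbios", "id": "netbios-name-disclosure",
     "cvss": 2.1, "fix": "informational"},
]

# Constructed snapshot from this week's scan: the SMB host was patched, a firewall
# change exposed RDP on db-01, and a newly disclosed web application flaw appeared.
THIS_WEEK = [
    {"host": "web-01", "port": 443, "service": "https", "id": "tls-weak-ciphers",
     "cvss": 5.3, "fix": "config: disable legacy cipher suites"},
    {"host": "web-01", "port": 80, "service": "http", "id": "webapp-sqli",
     "cvss": 9.8, "fix": "patch: update the application"},
    {"host": "file-01", "port": 139, "service": "netbios", "id": "netbios-name-disclosure",
     "cvss": 2.1, "fix": "informational"},
    {"host": "db-01", "port": 3389, "service": "rdp", "id": "rdp-exposed-to-internet",
     "cvss": 7.5, "fix": "config: restore the firewall rule"},
]

if __name__ == "__main__":
    delta = diff_scans(LAST_WEEK, THIS_WEEK)
    for label in ("new", "fixed", "persisting"):
        print(label, delta[label])
    for host, items in remediation_plan(THIS_WEEK).items():
        print(host)
        for item in items:
            print("  -", item)
    print("bot moves on:", bot_would_move_on(THIS_WEEK))
```

    The diff is keyed on (host, port, id) rather than on host alone so that a fix on one port is not masked by a different finding on the same machine, and the low-severity NetBIOS finding is deliberately ignored: the post's argument is that it is the medium and high findings that decide whether an automated attacker stays or moves on, so those are what the weekly comparison should track.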

    Malware, Botnets and Known vs. Unknown Vulnerabilities

    A quick note about known vs. unknown vulnerabilities. While it is true that some malware attacks use "zero-day" vulnerabilities (flaws not yet publicly known or patched, referred to here as 'unknown vulnerabilities'), these attacks are a tiny minority. The reason is that zero-day, unknown vulnerabilities are hard to discover and are thus expensive and relatively few in number.

    Infected computers (zombies) are so numerous that their open-market value is currently 4 cents (US). If I had information on how to compromise a network that nobody else knew about, would I waste it adding zombies to my botnet? No. I would sell it on the open market (where such information can easily fetch $10,000-$100,000) or use it to compromise a lucrative target such as a bank, a sensitive government network, or a similar high-value target. The fact of the matter is that close to 100% of successful malware and botnet-related attacks use known vulnerabilities.

    Proactive vs. Reactive Malware Defense ROI

    In summary, while it is 'sexy' to talk about reactively detecting and blocking attacks, it is reactive, impractical and often impossible without expensive technical expertise. It is much cheaper and more effective to be proactive: run periodic vulnerability scans to find the relatively easy-to-detect known vulnerabilities that are used to break into the network, and plug those holes before attackers use them.

    Find out more about how beSECURE, the Automated Vulnerability Detection System, can protect against malware. Use the form on this page, email or call us.
