May 21, 2012
Strategy: Rooting Out Sophisticated Malware
Every week there’s a new piece of malware or botnet in the news threatening enterprise and home users. Indeed, it seems we can’t go a day without hearing about malware infecting a co-worker’s or family member’s computer, or about some botnet wreaking worldwide havoc. Malware is also getting more sophisticated: a single sample often combines worm, Trojan and bot functionality, and it can repack or mutate itself automatically so that every copy carries a new hash and slips past signature matching. Malware is everywhere, and because of the low barrier to entry for cybercriminals buying point-and-click malware kits, not to mention the potential for substantial reward, the situation is likely to get worse before it gets better.
Over the last five years it has become painfully obvious that traditional antivirus products on their own cannot keep up with the onslaught of new malware. Antivirus vendors are supplementing their products with cloud-based collective analysis (shared telemetry and file-reputation lookups backed by the processing power of the cloud), but they are still challenged to adapt quickly enough to meet today’s threats.
A new category of products has emerged to deal with malware that has no signature yet. Network-based malware-detection systems and malware sandboxes go beyond the signature-based and limited heuristic capabilities of traditional antivirus: they detonate suspicious files in virtual machines and watch what the file actually does at the network, file system and process layers, so the verdict depends on behavior rather than on a hash or byte pattern that a repacked variant would change. Their goal is to detect and block malicious files before they ever reach the target network; a file that never lands on a desktop or server cannot compromise it. The caveat is that the observation window is finite and sandbox-aware malware can look for virtual-machine artifacts and stay dormant while it is being watched, so a clean sandbox verdict is evidence, not proof.
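As an added illustration, not code from the article or from any vendor’s product, the following Python shows why a behavior-based verdict survives the automatic morphing described above and what a layered sandbox scoring rule set looks like. Everything in it is constructed for the example: the two byte strings standing in for two builds of the same dropper, the sandbox traces, the paths and IP addresses, the rule weights and the verdict thresholds are all assumptions, not data from any real sample or product.

```python
"""Hash-based signature lookup versus layered behavioural scoring of a sandbox trace."""
import hashlib
import re

# --- Constructed inputs (no real malware) -----------------------------------
# Two builds of the same hypothetical dropper. Build 2 is build 1 plus a junk
# block, the way a polymorphic packer changes the file without changing behaviour.
SAMPLE_A = b"MZ\x90\x00hypothetical-dropper-build-1"
SAMPLE_B = SAMPLE_A + b"\x00" * 16 + b"junk-block-that-changes-the-hash"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature "database": only build 1 has been seen and catalogued.
KNOWN_BAD_HASHES = {sha256(SAMPLE_A)}


def signature_match(data: bytes) -> bool:
    """Traditional AV-style check: exact hash lookup. Misses any repacked copy."""
    return sha256(data) in KNOWN_BAD_HASHES


# Constructed sandbox trace. It is identical for both builds because the packer
# does not change what the dropper does once it runs.
DROPPER_TRACE = {
    "network": [{"dst": "203.0.113.10", "port": 4444, "proto": "tcp", "dns": None}],
    "filesystem": [{"op": "write", "path": r"C:\Users\Public\svchost.exe"}],
    "process": [
        {"op": "create", "image": r"C:\Users\Public\svchost.exe"},
        {"op": "inject", "target": "explorer.exe"},
    ],
    "registry": [{"op": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost"}],
}

# Constructed trace of a legitimate installer, to show the rules do not fire on it.
INSTALLER_TRACE = {
    "network": [{"dst": "198.51.100.5", "port": 443, "proto": "tcp", "dns": "updates.example.com"}],
    "filesystem": [{"op": "write", "path": r"C:\Program Files\Vendor\app.exe"}],
    "process": [{"op": "create", "image": r"C:\Program Files\Vendor\app.exe"}],
    "registry": [],
}

USER_WRITABLE = re.compile(r"^C:\\(Users\\[^\\]+|ProgramData|Windows\\Temp)\\", re.I)
WEB_PORTS = {80, 443}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run", re.I)


def score_trace(trace: dict) -> tuple[int, list[str]]:
    """Layered behavioural scoring: each layer's rules add points and a reason."""
    score, reasons = 0, []
    written = {e["path"].lower() for e in trace["filesystem"] if e["op"] == "write"}

    for e in trace["network"]:                       # network layer
        if e["port"] not in WEB_PORTS:
            score += 20; reasons.append(f"connection to non-web port {e['port']}")
        if e["dns"] is None:
            score += 15; reasons.append(f"direct-to-IP connection to {e['dst']} (no DNS lookup)")

    for p in written:                                # file system layer
        if p.endswith(".exe") and USER_WRITABLE.match(p):
            score += 20; reasons.append(f"executable dropped in user-writable path {p}")

    for e in trace["process"]:                       # process layer
        if e["op"] == "create" and e["image"].lower() in written:
            score += 25; reasons.append(f"executed a file it had just written: {e['image']}")
        if e["op"] == "inject":
            score += 30; reasons.append(f"code injection into {e['target']}")

    for e in trace["registry"]:                      # persistence
        if e["op"] == "set" and RUN_KEY.search(e["key"]):
            score += 20; reasons.append("persistence via Run key")
    return score, reasons


def verdict(score: int) -> str:
    # Thresholds are assumptions; a single weak indicator should not convict.
    return "malicious" if score >= 60 else "suspicious" if score >= 30 else "benign"


def analyze(data: bytes, trace: dict) -> dict:
    score, reasons = score_trace(trace)
    return {"sha256": sha256(data)[:12], "signature_hit": signature_match(data),
            "behaviour_score": score, "verdict": verdict(score), "reasons": reasons}


if __name__ == "__main__":
    for name, sample in (("build 1", SAMPLE_A), ("build 2 (repacked)", SAMPLE_B)):
        print(name, analyze(sample, DROPPER_TRACE))
    print("installer", analyze(b"benign-installer", INSTALLER_TRACE))
```

Build 2 misses the signature database entirely while scoring exactly like build 1 on behavior; the installer trips only the "executed a file it wrote" rule, which on its own stays under the suspicious threshold. Real products weight and combine far more indicators, but the structure is the same: per-layer rules, a score, a threshold.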
However, no one product, no matter how sophisticated, can detect all malware, nor can it replace a layered defense. A combination of technologies and best practices can help enterprises detect and stop advanced malware attacks before a serious breach occurs.(S4880512)