Malware seems to be everywhere and it’s incredibly challenging to combat. It can take many forms and is increasingly resistant to traditional approaches to detect and stop. Instead of relying on a single attack vector, malware will use whatever unprotected path exists to reach its target and accomplish its mission.
Mosquitoes are quite similar. There are thousands of species and numerous ways to try to protect against them but each method has its limitations. You can’t walk around completely covered, sound waves and fans have mixed results and, increasingly, mosquitoes are developing resistance to many pesticides. Mosquitoes only need a very small gap in coverage to attack. Depending on the species, a bite can have serious health implications unless quickly diagnosed and treated.
Malware is affecting more and more organizations every day. According to the 2013 Verizon Data Breach Investigation Report, of the top 20 types of threat actions last year, malware is the most common methodused– at 10 – followed by hacking and social engineering. Increasingly, blended threats that combine several methods –for example, phishing, malware and hacking– are being used tointroduce malware, embedthe malware in networks, remain undetected for long periodsof time and steal data or disruptcritical systems.
The evolving trends of mobility, cloud computing and collaborationare paving the way for new malware attacks we couldn’t have anticipated just a few years ago and that require new techniques to defend against. A growing attack vector, smartphones, tablets and other mobile deviceshave become essential business productivity tools. As their performance and roles in the workplace approach that of traditional desktop and laptop computers, it becomes even easier to design malwarefor them, and more fruitful.Theincreased use of mobile apps also creates opportunities for attackers. When users download mobile apps, they’reessentially putting a lightweight client on the endpoint and downloading code. Many users download mobile apps regularly without any thought to security, exposing the organization to greater risk.
Extending networks to include business partners and an increasing reliance onInternet service providers and hosting companies are prompting cybercriminals to harness the power of the Internet’s infrastructure, not just individual computers, to launch attacks. Websites hosted on compromised servers are now acting as both a redirector (the intermediary inthe infection chain) and a malware repository.
- ‘Watering hole’ attacks targeting specific industry-related websites to deliver malware
- Malware delivered to users legitimately browsing mainstream websites
- Spam emails that appear to be sent by well-knowncompanies but contain links to malicious sites
- Third-party mobile applications lacedwith malware and downloaded from popular online marketplaces
Traditional defenses are no longer effective in helping organizations deal with today’s cybersecurity challenges including a greater attack surface, the growing proliferation and sophistication of attack models and increasing complexity with the network. Technologies to protect against threats must continue to evolve and become as pervasive as the attacks they are combatting. It’s more imperative than ever to find the right threat-centric security solutions that can work in your current environment and can easily adapt to meet the growing needs of your extended network, which now goes beyond the traditional perimeter to include endpoints, email and web gateways, mobile devices, virtual, data centers and the cloud.
When evaluating your approach to security in light of pervasive malware, seek out solutions that addressthese daunting challenges:
A greater attack surface.To deal with ever-expanding attack vectors, you need visibility across the extended network with contextual awareness. The more you can see, the more you can correlate seemingly benign events and apply intelligence to identify and stop threats, for example detectingzero-day‘unknown’ malware that might enter through email or the web and taking action.
Growing proliferation and sophistication of attack models.Policies and controls are important to reduce the surface area of attack but threats still get through. A laser-focus on detecting and understanding threats after they have moved into the network or between endpoints is critical to stopping them and minimizing damage. With advanced malware and zero-day attacks this is an ongoing process that requires continuous analysis and real-time global threat intelligence that is shared across all products for improved efficacy.
Increasing complexity of the network. Networks aren’t going to get any simpler and neither will attacks. You can’t keep addingtechnologies without shared visibility or controls.To address mounting complexity while detecting and stopping modern threats, you need an integrated system of agile and open platforms that cover the network, devices and the cloud and enable centralized monitoring and management.
Like mosquitoes, malware is everywhere and is a formidable adversary. I don’t have great insights into what’s happening on the mosquito-fighting front. But I can say that the best minds in the cyber security industry are focused on the malware problem. Next week’s RSA Conference USA 2014 will be a great opportunity to start to assess the state of the industry and its progress in helping you deal with pervasive malware.
Anthony Perridge, EMEA Channel Director at Sourcefire, now a part of Cisco