Malware, short for malicious software, harms the enterprise network in one way or another. Spyware steals confidential data. Ransomware disrupts operations and demands a ransom to restore them. Crypto miners slow down servers by using them to mine cryptocurrencies, and so on.
The two characteristic features of malware are:
These are delivered in a variety of ways. The most common are:
As human error causes most security breaches, the first step is user awareness training. Even when users are aware of the risk, malicious emails and websites that tempt users with
occasionally succeed.
Presented as urgent, they force the user to make a quick, uninformed decision.
The attackers are in a statistical game that requires only a tiny fraction of their attempts to work. Therefore, user training is not a complete solution; enterprises need other tools to reduce the threat.
Whatever the policies, administrators must expect some malware to sneak through. The solution hinges on three activities.
Ideally, you require all three, but the expense can be a significant factor for smaller businesses.
Commercial systems may have vulnerabilities hitherto unknown to the manufacturer. An attack is zero-day if it occurs before the manufacturer knows about it, zero referring to the number of days between the attack and the manufacturer's discovery of the vulnerability.
Nation-states and organized crime syndicates have started using cyber attacks on prominent private and public organizations. Termed Advanced Persistent Threats, these attacks are hard to defend against without the right tools and expertise.
They are
Encryption turns data into gibberish to prevent theft. However, it also prevents network-based scanners from inspecting that data.
For smaller organizations, a Next-Generation Firewall (NGFW) could be enough. It combines traffic decryption and intrusion prevention in the same box in addition to standard firewall functions.
In more extensive networks where separate appliances perform these functions, successive decryption and re-encryption in each service causes higher latency. The cryptographic operations, being resource-intensive, waste processing capacity at each scanner.
Over-sized security scanners and high network latency increase cost and diminish user experience. Ironically, the solution lies in adding another device, a Network Packet Broker.
They decrypt the data traffic, pass the unencrypted data through all the scanners residing on a separate network segment, and re-encrypt the data before forwarding it.
With hardware-accelerated cryptography, Network Packet Brokers reduce latency. None of the other services now perform cryptographic operations, thereby reducing the processing capacity needed.
User devices, or endpoints, are the gateways that bring in malware. Users execute email attachments, plug in infected removable drives, visit dubious websites, etc. Endpoint protection software keeps track of disks, network, and memory on a user device, looking for malware signatures.
Yes, EPP efficacy depends on keeping the software on all user devices up to date. Now, all endpoint detection and response (EDR) systems have central orchestrators that automate this process.
Microsegmenting a network is the best way to achieve this. Traditional networking divides a vast network into several broadcast domains called Virtual LANs, with a reduction in overall broadcast traffic being its primary goal.
All hosts in a virtual local area network (VLAN) see each other unimpeded. Only a firewall on the host itself can restrict incoming traffic. Software-defined networking changes that by creating a network perimeter around every network host. Such a micro-perimeter prevents host visibility on the network, reducing virus spread significantly.
An Indian startup, Block Armour, uses centrally controlled firewall/VPN agents on every host to implement a software-based device perimeter. While intended as a solution for access control, it also helps in containing malware spread significantly.
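To make the difference between a flat VLAN and a per-host micro-perimeter concrete, the following added example (not from the original article and not any vendor's code) computes how many hosts malware could reach from one infected machine under each model. The host names and the allowed-flow policy are constructed sample data.

```python
from collections import deque

# Constructed sample inventory: hosts sharing one VLAN (hypothetical names).
HOSTS = ["hr-laptop", "dev-laptop", "web-01", "app-01", "db-01", "backup-01"]

# Constructed micro-perimeter policy: (source, destination) flows that the
# per-host perimeter allows. Anything not listed is dropped (default deny).
ALLOWED_FLOWS = {
    ("hr-laptop", "web-01"),
    ("dev-laptop", "web-01"),
    ("dev-laptop", "app-01"),
    ("web-01", "app-01"),
    ("app-01", "db-01"),
    ("backup-01", "db-01"),
}

def flat_vlan(src, dst):
    """Flat VLAN: every host can open a connection to every other host."""
    return src != dst

def micro_perimeter(src, dst):
    """Micro-perimeter: only explicitly allowed flows pass."""
    return (src, dst) in ALLOWED_FLOWS

def blast_radius(start, can_connect, hosts=HOSTS):
    """Hosts reachable from `start` by chaining permitted connections (BFS).

    Worst-case model: every newly reached host is assumed to become
    a new source of spread.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in hosts:
            if dst not in seen and can_connect(src, dst):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def compare(start):
    """Blast radius of one infected host under both network models."""
    return {
        "flat_vlan": sorted(blast_radius(start, flat_vlan)),
        "micro_perimeter": sorted(blast_radius(start, micro_perimeter)),
    }

if __name__ == "__main__":
    for host in ("hr-laptop", "db-01"):
        print(host, compare(host))
```

In this sample policy an infected `hr-laptop` can still reach `db-01` through the chain of allowed flows, so reviewing transitive paths matters as much as reviewing individual rules.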
While we have partner relations with many product companies, we do not prefer any specific brand; we decide on a suitable product in collaboration with the customer based on their needs.