Breaking Down The Critical Security Controls – CSC 8: Malware Defense
Malware is the cancer of the Internet. A recent report detailed how five new malware programs are detected every second. Hackers and cyber criminals bombard the world with programs to exploit and infiltrate wherever they can. All they need to do is be right, or lucky, once. You as a security professional need to be right all the time.
You are defending the environment from malware that can steal your data, grab administrative accounts, delete data or hold your data hostage until you pay up. Malware has been around since the first computers, and it is only getting smarter, more sophisticated and far more numerous.
Malware defense comes in at number eight in the CSC controls. Here’s what the control says:
Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
Solution Approach
The best defense against malicious software is anti-malware software. Fight software with software. Every computer in your environment should have a security endpoint agent or component designed specifically for malware defense. Whether it’s an anti-virus specific tool or built into a larger IPS suite, don’t leave any computer out. I have seen internal servers left out when it comes to having anti-virus packages installed on them. The main excuse I hear is ‘overhead’ or ‘performance issues’. Bull. The servers may be isolated from the Internet, but the client machines and computers the administrators use to connect to and maintain those servers are not. Malware doesn’t just infect the computer it comes in on; in most cases that machine is left unaffected as the malware searches the network. Don’t leave any computer behind, dev to prod.
There are additional configuration changes you can make that slow or limit the damage malware can do: disabling the use of USB, not allowing drive mapping, preventing applications from running out of specific directories such as %APPDATA%, and not allowing anyone to use local accounts with administrative rights on a regular basis.
Implement network level detection as well. Monitor the egress point, watch every packet in and out. Whitelist business sites. Block unused protocols such as telnet, ftp, etc…
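As an added example (not code from the original post), here is a small Python review of constructed egress flow records that applies the policy just described: block telnet and ftp by destination port, and alert on any destination that is not on the business whitelist. The log format, the whitelist entries and the port list are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample egress flow records (not real traffic); one line per connection.
SAMPLE_EGRESS_LOG = """\
2024-05-01T09:00:01 src=10.0.0.21 dst=198.51.100.10 dport=443 proto=tcp host=mail.example-business.com
2024-05-01T09:00:05 src=10.0.0.21 dst=203.0.113.7 dport=23 proto=tcp host=-
2024-05-01T09:00:09 src=10.0.0.33 dst=203.0.113.9 dport=21 proto=tcp host=-
2024-05-01T09:00:12 src=10.0.0.33 dst=198.51.100.22 dport=443 proto=tcp host=crm.example-business.com
2024-05-01T09:00:20 src=10.0.0.45 dst=192.0.2.77 dport=443 proto=tcp host=updates.unknown-cdn.test
2024-05-01T09:00:25 src=10.0.0.21 dst=203.0.113.7 dport=23 proto=tcp host=-
"""

# Hypothetical policy: the post names telnet and ftp as unused protocols to block.
BLOCKED_PORTS = {21: "ftp", 23: "telnet"}
# Hypothetical whitelist of business sites that egress traffic may reach.
BUSINESS_WHITELIST = {"mail.example-business.com", "crm.example-business.com"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) host=(?P<host>\S+)$"
)

def parse_line(line):
    """Return a dict of fields for one flow record, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def classify(rec, blocked_ports=BLOCKED_PORTS, whitelist=BUSINESS_WHITELIST):
    """Map one flow to a verdict: 'allow', 'block:<proto>' or 'alert:not-whitelisted'."""
    if rec["dport"] in blocked_ports:
        return "block:" + blocked_ports[rec["dport"]]
    if rec["host"] == "-" or rec["host"] not in whitelist:
        return "alert:not-whitelisted"
    return "allow"

def review_egress(log_text, **policy):
    """Classify every flow; return (verdict counts, list of offending (src, dst, verdict))."""
    counts, findings = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1  # malformed lines are counted, never silently dropped
            continue
        verdict = classify(rec, **policy)
        counts[verdict] += 1
        if verdict != "allow":
            findings.append((rec["src"], rec["dst"], verdict))
    return counts, findings
```

Repeated hits from the same source against a blocked port (10.0.0.21 to telnet twice here) are the kind of finding worth routing to the endpoint team for a malware check rather than just dropping at the firewall.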
Most important of all, update, update, update.
Stay on top of all your updates.
How It Can Be Exploited
Malware is the top method used to infiltrate an environment; social engineering and vulnerability exploitation are close followers. Infected Word documents, PDFs, images, tricky downloads, bad apps, links in emails to malicious locations: the main goal is to get a software package installed that can do the real damage.
Keep your employees knowledgeable on the delivery mechanisms, stay current with your security awareness training, run phishing campaigns, and invest when and where you can to improve your detection capabilities.
One bad file can ruin your week… or career.
End of line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming and system administration to senior management and enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.