Clearpath’s Blog on IT Infrastructure, Hybrid Clouds and IT Security

Detecting and Blocking Malware at the Gateway

Posted by Clearpath Solutions Group on Thu, Dec 08, 2016 @ 02:13 PM

Modern malware is evolving at an extremely rapid pace. In fact, a new malware is created nearly every second. Due to the dynamic landscape of ever-growing malware variants, traditional antivirus solutions are becoming less effective - unable to detect and block the unknown hacked-phone-1.jpgmalware before it can infiltrate and compromise an organization’s network and systems, driving the need for a more comprehensive solution. In the past two years this has become an increasing busy space among OEM solutions providers. Cisco Systems, Checkpoint software, and Fortinet have invested in providing cost effective solutions that are easily managed resulting in low effort required to provide critical protection of your organizations devices.

The best way to solve any problem is to address the problem with a multi-pronged approach. In IT security, the most common means of fighting malware is the defense-in-depth strategy. The goal being to slow the attacker and prevent the less sophisticated actors from compromising systems while ensuring that companies have multiple layers of defense. This section will focus on malware detection and prevention at the gateway, the outermost layer at which companies can begin defending against malware. It is easy to think of the gateway defense as the large side of the funnel where we would like to have large net cast before our more specific defenses on the network and endpoint are engaged thus slowing the attacker and reserving resources on our back end systems and endpoints .

Two forms of malware defense at the gateway are IPS and firewalls. Both are a preventative technical control with the purpose to guarantee that incoming network traffic is legitimate. An IPS unit is installed to monitor traffic and reacts when it finds something suspicious, unlike a firewall that works by blocking based on static rules and what an IT manager has approved in the network. In the past, firewalls were discouraging because of their complexity and high cost but newer models provide easier management, control, and cost flexibility.

Enter Cisco ASA Firewall with Firepower Services - while other companies require multiple lines of products for defense, Cisco can provide the same level of protection with the single Cisco ASA Firewall. Considered one of the most secure firewalls, the ASA Firewall is Clearpath’s leading product with its strongest defense consisting of its multilayered protection. 

Cisco ASA Firewall with Firepower Services

The Cisco ASA Firewall is ideal for small to midsize businesses because of its easy management and low total cost of ownership.

With Cisco Firepower Management Center, users experience simplified management which provides network visibility and low operation cost. This prevents out sourcing of IT work and gives companies greater control of their own network.

Cisco Firepower Management Center

An additional form of defense is the Cisco NGIPS (Next Generation Intrusion Prevention System). An improved IPS, the NGIPS can rapidly detect, block, contain, and remediate advanced threats. One of Clearpath’s leading products for its virtual capabilities, the NGIPS gives IT managers’ control and deep insight into network devices, applications, users, operating systems, files, and more. Managers use this information to better understand network behavior and evaluate intrusion events.

Two other strong security partners providing gateway services favored by Clearpath are Checkpoint and Fortinet. Checkpoint provides firewall and IPS in one appliance for midsize to large data centers that are high-performance and have multi-core capabilities. Clearpath recommends Checkpoint’s 23000 Security and 4100/6100 Security Systems. This mix of hardware and software gives in house IT visibility to manage and protect complex networks. Fortinet is known for its FortiGate products - all-inclusive security products with the ability to perform multiple security functions within one physical and virtual appliance. A strong combination of firewall and IPS, these products are ideal for all enterprises – small, midsize, and data centers.

Antivirus and Anti-Malware Software is installed at the gateway, stopping infections before they have a chance to affect users. This works in a similar fashion as anti-malware installed at the endpoint. Using a continually updated list of antivirus and anti-spyware signatures and anomaly-based protections, the Antivirus and Anti-Malware Software protects against threats transmitted through popular network protocols including HTTP, FTP, SMTP, POP3. Many of the products emerging in this space have very good catch rates and are centrally managed with other IT security services on the same device, greatly increasing productivity of often thinly staffed IT Security teams. While this does not replace traditional agent based anti-malware products, user education and potent e-mail inspection products, it does provide a first line of defense to your datacenter and user base that utilize network resources on premises.

Cisco’s Advanced Malware Protection solution provides protection before, during and after an attack. It blocks malware trying to infiltrate the gateway and uncovers and mediates advanced malware attacks. AMP goes beyond point and time capabilities, it monitors files and traffic throughout the network. Users have a complete picture of all files and can track a malware from point of entry and where it travels within the network, and then eliminate it within the manager.

Cisco Advanced Malware Protection AMP 

This simplicity of Cisco's management solution saves money, time, and prevents company setbacks.

Be on the lookout over the next few weeks for parts 2, 3, 4, and 5, listed below:

 Request a Complimentary Security Assessment 

Topics: Security

Subscribe to Email Updates

Live Chat Support Software