Over the past several weeks we have examined ways to protect your organization from malware and other malicious code throughout the corporate environment. If it is not evident by now, this means examining data from a multitude of devices scattered across the corporate IT infrastructure, and the devices and software that produce that data are both diverse and disjointed: firewalls, laptops, desktops, multifunction devices, anti-virus software, essentially anything that is connected to the network. Each of them produces logs, and those logs are the raw material for alerts that correlate several inputs rather than relying on any one of them.
The battle at the endpoint - phones, tablets, laptops and other mobile computing devices - is an endless onslaught of malware delivered from websites, bots and pretty much any other channel that can be thrown at them. Why are endpoints always under attack? Simple: when they are off the corporate network there is no firewall, no IPS, none of the enterprise-grade protection that exists inside the corporate environment. You and I know this; unfortunately, so do the bad guys. Understanding this explains why these devices are so frequently targeted by malicious individuals and organizations, and why it is useful to think of the endpoint as the new perimeter.
Not all malware triggers a security alert immediately; some newer variants are quite stealthy and are designed to lie in wait until they are activated. In this section we describe malware in general and ransomware in particular.
Northeastern University published an interesting piece, “Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks”. The research team analyzed 1,359 ransomware samples collected between 2006 and 2014 and found that a “close examination on the file system activities of multiple ransomware samples suggests that by… protecting Master File Table (MFT) in the NTFS file system, it is possible to detect and prevent a significant number of zero-day ransomware attacks.” In other words, the encryption step has to go through the file system, and that activity can be observed and blocked.
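To make the file-system-activity idea concrete, here is an added example (not code from the paper or from the original article) that runs a simple heuristic over a constructed stream of I/O events. It flags any process that overwrites many distinct files with high-entropy (ciphertext-like) content inside a short time window, and reports how many extension-changing renames that process has done so far. The event schema, the thresholds (7.0 bits/byte, 10 seconds, 20 files) and the sample process IDs and paths are all assumptions made for the example; a real feed would come from a file system minifilter, Sysmon, auditd or an EDR agent.

```python
"""Heuristic ransomware detector over file system events (added example).

Event schema (assumed): (ts_seconds, pid, op, path, data)
  op == "write":  data is the bytes written
  op == "rename": path is the new name, data is the old name
  op == "read":   data is None
"""
import math
import os.path
from collections import defaultdict, deque

HIGH_ENTROPY = 7.0     # assumed: encrypted/compressed data sits near 8 bits/byte
WINDOW_SECONDS = 10.0  # assumed sliding window
MIN_FILES = 20         # assumed: distinct files overwritten inside the window


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


def detect_mass_encryption(events, window=WINDOW_SECONDS,
                           min_files=MIN_FILES, threshold=HIGH_ENTROPY):
    """Return {pid: alert} for every process that writes high-entropy data to
    at least `min_files` distinct files within any `window`-second span.
    The alert records the first matching time, the alert time, the number of
    files in the window, and extension-changing renames seen so far."""
    recent = defaultdict(deque)                     # pid -> (ts, path) in window
    in_window = defaultdict(lambda: defaultdict(int))  # pid -> path -> count
    ext_renames = defaultdict(int)                  # pid -> renames that changed ext
    alerts = {}
    for ts, pid, op, path, data in sorted(events, key=lambda e: e[0]):
        if op == "rename":
            if _ext(data) != _ext(path):            # e.g. .docx -> .locked
                ext_renames[pid] += 1
            continue
        if op != "write" or shannon_entropy(data) < threshold:
            continue
        q, seen = recent[pid], in_window[pid]
        q.append((ts, path))
        seen[path] += 1
        while ts - q[0][0] > window:                # evict writes older than window
            _, old_path = q.popleft()
            seen[old_path] -= 1
            if not seen[old_path]:
                del seen[old_path]
        if len(seen) >= min_files and pid not in alerts:
            alerts[pid] = {"first_ts": q[0][0], "alert_ts": ts,
                           "files": len(seen), "ext_renames": ext_renames[pid]}
    return alerts


def fake_ciphertext(seed: int) -> bytes:
    """Constructed stand-in for encrypted output: a permutation of all 256 byte
    values has maximal entropy (8.0), so no real cipher is needed here."""
    return bytes((i * 131 + seed) % 256 for i in range(256))


def build_sample_events():
    """Constructed sample data: one ransomware-like process, one text editor,
    one slow backup job writing compressed archives."""
    events = []
    for i in range(30):  # pid 4242: 30 documents read, overwritten, renamed in ~3 s
        t = 100.0 + i * 0.1
        doc = f"C:/Users/alice/Documents/report_{i}.docx"
        events.append((t, 4242, "read", doc, None))
        events.append((t + 0.02, 4242, "write", doc, fake_ciphertext(i)))
        events.append((t + 0.05, 4242, "rename", doc + ".locked", doc))
    for i in range(30):  # pid 777: editor saving one low-entropy file repeatedly
        events.append((100.0 + i * 0.1, 777, "write", "C:/Users/alice/notes.txt",
                       b"meeting notes, draft " + str(i).encode()))
    for i in range(30):  # pid 900: high-entropy archives, but only one per minute
        events.append((100.0 + i * 60.0, 900, "write",
                       f"D:/backup/vol_{i}.zip", fake_ciphertext(i + 7)))
    return events


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    for pid, alert in detect_mass_encryption(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {alert}")
```

Only pid 4242 is flagged: the editor never writes high-entropy data, and the backup job does but spreads it over minutes, so the window never fills. That second case is also the weakness of entropy alone; a backup, compression or full-disk-encryption tool writing many archives quickly would trip the same rule, which is why the rename signal is carried alongside and why a production control would add process reputation and canary files before blocking anything.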
For the second part of the series we would like to dive into user education and social engineering. The user continues to be the weakest link in many organizations; not because users have bad intentions, but because they are frequently the easiest target. A house analogy illustrates this: the organization can put locks on the doors and windows and install a state-of-the-art alarm system, but none of that stops an attacker from simply knocking on the door and being invited in by the homeowner. This is exactly what makes phishing campaigns so successful: the user is tricked into unknowingly granting the attacker access to corporate resources.
Modern malware is evolving at an extremely rapid pace. In fact, a new malware sample is created nearly every second. In such a dynamic landscape of ever-growing malware variants, traditional signature-based antivirus is becoming less effective, unable to detect and block unknown malware before it infiltrates and compromises an organization's network and systems, which drives the need for a more comprehensive solution. In the past two years this has become an increasingly busy space among OEM solution providers: Cisco Systems, Check Point Software and Fortinet have all invested in cost-effective solutions that are easily managed, so that little effort is required to provide critical protection for your organization's devices.
Clearpath, in conjunction with IT security thought leaders, is excited to announce a five-part series to raise awareness of the proliferation of malware in the enterprise. We have partnered with many vendors to bring best-of-breed solutions to our clients; Splunk, Cisco Systems, Check Point Software, Trend Micro and Carbon Black are a few of the partners we have joined forces with to make your mission successful. We understand that one size does not fit all, and we strive to provide tailored solutions to meet your requirements and budget. Many organizations install anti-malware software on their users' PCs and “check the box”, treating the users as protected, when in fact an informed end user is often the first line of defense against malware. Clearpath's goal is to educate and promote awareness of new and innovative ways to protect the overall enterprise. Topics in the series include neutralizing malware at the gateway, social engineering, finding hidden malware in your data center, and how to tie everything together into a solid layered defense.
It has been a rough time for security hardware recently. In the past several months there have been major issues with a number of vendors' products. Juniper's ScreenOS products carried a backdoor: they used an RNG (Dual EC DRBG) that was already known to be backdoorable, and an unauthorized change to its constants allowed attackers holding the matching secret to decrypt VPN and other encrypted traffic. This is fairly serious, but it put traffic at risk only for an attacker who could both capture that traffic and, through the altered firewall code, predict the RNG output.