HOME
Technomania

Defending against Malware: Reactive Malware Defense Technologies

by VARINDIA 2019-12-31
Defending against Malware: Reactive Malware Defense Technologies

Defending against Malware has focused on reactive technologies: intrusion detection, content filtering, detecting and blocking malware, etc. Time to get proactive.

 

There is an ongoing argument as to how effective those reactive technologies are. There’s no argument about the fact that most of these solutions require very competent operators: without a good administrator, an intrusion detection solution is meaningless.

 

This discussion is not going to be about how good malware attack detection and blocking solutions really are, there are some excellent products out there, but more that they are all reactive. They must do a perfect job and block 100% of the attacks, or the web site will be infected. With the amount of attacks conducted today defense perfection is a difficult task.

 

The number of different attack signatures currently being used recently doubled from 600K to over 1,600K – in just one year. This is following a multiyear, exponential rate of attack signature growth that is swamping the reactive solutions and their ability to find, and include each signature in their databases.

 

The Malware Attack

Malware attacks are almost entirely an automated activity. The days where a lone hacker decides to attack a single site are over. The goal is to use search and destroy programs to find thousands of vulnerable computers into which malware can then be installed. The goal? Build a botnet; a large network of computers that is ready to do the bidding of the controller.

 

The goal of a botnet operator is to quickly get as many compromised machines as possible, and he cares very little about who the victims are. This means the ‘low hanging fruit’ – the machines that are easiest to attack – will be compromised and the sites and servers that are even slightly harder to crack are skipped.

 

Focus: Proactive Malware Defense Solutions

In the real world context of automated attacks, an excellent protection strategy consists of making your site and network less vulnerable than others. By identifying and eliminating your underlying vulnerabilities instead of attempting to detect and block 100% of the attacks against them you make your network harder to attack than hundreds of thousands of others who have left their vulnerabilities in place.

 

By addressing this relatively small set of vulnerability issues, you can easily cause the attacker (typically an automated ‘bot’) to move to their next target in the target list rather than trying harder to penetrate you. This avoids the need to play Russian roulette by trying to identify and block every attack signature before it can carry malware into your machine and disable your defense perimeter.

 

Making machines less vulnerable is not difficult. Botnets use relatively few, known vulnerabilities to attack (more on that later), and those vulnerabilities could be checked for and plugged relatively easily by finding and installing a missing patch, changing a vulnerable configuration, tightening up web applications, etc. A bot trying to attack a network with no high or medium risk, known vulnerabilities will be unsuccessful and will swiftly move on to the next target. From your point of view (protecting the organization you are responsible for) the task is accomplished.

 

How Proactive Does Malware Defense Need To Be?

Vulnerability Assessment and Management has been a major pillar of network security in enterprise, Class A networks for many years. Within just the last couple of years, medium and even small businesses are discovering the common sense of fixing their relatively few vulnerabilities rather than erecting more and more defenses to keep them from being attacked.

 

Vulnerability Assessment tools, like beSECURE, scan every node on a network on a frequent, regular basis. Doing a penetration test, or having a security consultant scan your network once a year, every 6 months or even every 3 months doesn’t cut it. They must be done regularly; on a weekly or at the very least monthly basis. The reason is obvious – Microsoft alone discloses a boatload of vulnerabilities every month (on “Patch Tuesday”), every one of which can affect your organization and open a potentibreal security risk. But on top of that – networks are dynamic. Someone changing the firewall configuration can accidentally create an opening for an attacker.

 

We strongly believe that periodic vulnerability scans, coupled with even basic malware detection and blocking, will be enough to prevent an organization from being compromised and becoming a part of a botnet – not because either method of defense alone leads to absolute protection, but because they harden the organization enough for the botnet operator to simply give up and move on to their next, weaker, target.

 

Malware, Botnets and Known vs. Unknown Vulnerabilities

A quick note about known vs. unknown vulnerabilities. While it is true that some malware attacks utilize “zero-day” vulnerabilities (attacks that have just been discovered and are referred to as ‘unknown vulnerabilities’) these attacks are a tiny minority. The reason is that ‘zero day’, unknown vulnerabilities are hard to discover and are thus expensive and relatively few in number.

 

Computers that have been infected (zombies) are so numerous that there open market value is currently 4 cents (US). If I have information on how to compromise a network that nobody else knows about, would I waste it adding zombies to my botnet? No – I would sell it on the open market (where I can fetch $10,000-$100,000 easily for this information) or use it to compromise a lucrative target such as a bank, sensitive government network, or similar high value target. The fact of the matter is that close to 100% of the successful malware and botnet-related attacks use known vulnerabilities.

 

Proactive vs. Reactive Malware Defense ROI

In summary, while it is ‘sexy’ to talk about reactively detecting and blocking attacks, it is impractical, reactive and often impossible to do without expensive technical expertise. It is much cheaper and effective to be proactive and run periodic vulnerability scans to detect the relatively easy to find known vulnerabilities that are used to break into the network, and plug those holes before they are used by attackers.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Cybersecurity Awareness Gap Leaves Indian Organizations Vulnerable

Cybersecurity Awareness Gap Leaves Indian Organizations Vulnerable

Nearly 64% of Indian companies say their employees lack basic security awareness: Fortinet

Nearly 64% of Indian companies say their employees lack basic security awareness: Fortinet

Nearly 20% of Indian users faced cyberthreats from web attacks in Q3 2024: Kaspersky

Nearly 20% of Indian users faced cyberthreats from web attacks in Q3 2024: Kaspersky

SOFTWARE
View All
PhonePe & Bharat Connect to announce easy contributions for NPS

PhonePe & Bharat Connect to announce easy contributions for NPS

Elastic collaborates with LG CNS to enable innovation in knowledge management

Elastic collaborates with LG CNS to enable innovation in knowledge management

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

START - UP
View All
ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

Whatfix and Deloitte India Partner to Drive Digital Adoption

Whatfix and Deloitte India Partner to Drive Digital Adoption

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Start-Up and Unicorn Ecosystem
Wipro partners with RELEX Solutions to enable clients optimize retail operations

Wipro partners with RELEX Solutions to enable clients optimize retail operations

Vertiv and NVIDIA Collaborate on Power and Cooling Solutions for GB200 NVL72

Vertiv and NVIDIA Collaborate on Power and Cooling Solutions for GB200 NVL72

Tech Titans Rally Behind Intel-AMD Partnership to Secure x86 Dominance

Tech Titans Rally Behind Intel-AMD Partnership to Secure x86 Dominance

LTTS announces AI Experience Zone built on NVIDIA AI

LTTS announces AI Experience Zone built on NVIDIA AI

AMD introduces next-gen Ryzen 7 9800X3D processor tailored for gamers

AMD introduces next-gen Ryzen 7 9800X3D processor tailored for gamers

Wipro, Microsoft and SAP partner to speed up RISE with SAP Migration

Wipro, Microsoft and SAP partner to speed up RISE with SAP Migration

Taiwan's DoIT Debuts AI Solid-State LiDAR for Next-Gen Sensing

Taiwan's DoIT Debuts AI Solid-State LiDAR for Next-Gen Sensing

India Faces Looming Cyber Threat: ₹1.2 Lakh Crore Loss Predicted

India Faces Looming Cyber Threat: ₹1.2 Lakh Crore Loss Predicted

GitHub Unveils Multi-Model Copilot, Spark App, and AI-Native Tools at Universe 2024

GitHub Unveils Multi-Model Copilot, Spark App, and AI-Native Tools at Universe 2024

OneAIChat Partners with Haiper AI for Text-to-Video Magic

OneAIChat Partners with Haiper AI for Text-to-Video Magic