Time to modernise thinking, technology in fighting malware

Check Point found the percentage of organisations with someone downloading malware every two hours or less grew threefold to 58 per cent in 2013.

A recent analysis of network traffic in thousands of organisations found the majority of them were hosting malware and bots, a clear signal that it is time for companies to move quickly to modern-day methods for detecting malicious software, experts say.

A new report on the analysis performed by security vendor Check Point Software Technologies has enough scary bullet points to keep most CSOs up at night.

Two of the most troubling were that 84 per cent of the organisations had systems infected with malware and nearly three-fourths of the study's subjects had at least one bot on their network.

Standalone numbers, particularly on infection rates, do not necessarily point to a serious problem, since not all malware is the same. Some are far more serious than others.

"Malware percentages, malware infection counts and all those kinds of things are somewhat nebulous in nature," Tyler Shields, analyst for Forrester Research, said. "It is sometimes hard to define exactly what an infection is and exactly what a piece of malware is."

The troubling findings in the 2014 Security Report are the trends. Check Point found the percentage of organisations with someone downloading malware every two hours or less grew threefold to 58 per cent in 2013 from 14 per cent in 2012.

The study also found that the percentage of organisations with a bot increased to 73 per cent from 63 per cent year-to-year. Check Point also found 77 per cent of the bots were active for more than four weeks.

What these numbers show is that traditional signature-based security, such as anti-virus software, "is dead," as Brian Dye, Symantec's senior vice president for information security, told The Wall Street Journal this week.

"We don't think of anti-virus as a moneymaker in any way," Dye said.

That's a telling statement from a company whose business depended on selling AV software for more than two decades.

Unfortunately, too many companies still depend on AV technology, which contributes to the high numbers cited in studies like Check Point's. Those businesses have to shift tactics toward looking for events in hardware, software and network traffic that would point to an anomaly indicative of malware.

"My recommendation is to spend more money on legitimate detection, as opposed to relying on detection that has been antiquated and hasn't worked for the better part of a decade," Shields said.

Examples of more effective approaches would include egress filtering, which is the practice of monitoring and possibly restricting the flow of information moving from one network to another.

Other options include intrusion detection systems and detonation chamber technology that can be used to isolate potential malware for examination.

Stricter policies that restrict the downloading of files from unidentified sites would also help, Kellman Meghu, head of security engineering for Check Point, said. Having a strict policy that all executable files have to be preapproved would go a long way toward reducing malware infections.

"It may seem like a burden, but the reality is the burden of trying to clean up potentially thousands of machines is far larger," Meghu said.

As last year's Target breach showed, technology alone is not enough to prevent the theft of tens of millions of customer records and credit card data.

A network-monitoring tool from vendor FireEye alerted the retailer's security personnel to malware on the network before the data was stolen. However, no one acted on the warning, so the $1.6 million Target spent on installing the tool did not matter.

"The technology is there to help, but you still need intelligence and human brainpower wrapped around it to make sense out of what the technology is trying to tell you," Chris Camejo, director of assessment services at NTT Com Security, said.

