Malware is growing in both volume and sophistication, so it has never been more important to employ a defense-in-depth anti-malware strategy to protect your organization's information assets. Prevention controls remain important, but no prevention layer stops everything, so your cybersecurity strategy should also include strong malware detection controls. Here's a quick review of the controls you should implement for malware prevention and malware detection in your organization.
Malware Prevention Controls
The goal of a prevention control is to stop an attack before it has a chance to start. This can be done in a number of ways:
- Disrupt the distribution channel by training users not to click links embedded in email, open unexpected email attachments, browse the web carelessly, download games or music, participate in peer-to-peer (P2P) networks, or allow remote access to their desktop.
- Configure the firewall to restrict access.
- Do not allow users to install software on company-provided devices.
- Do not allow users to make changes to configuration settings.
- Do not allow users to have administrative rights on their workstations. Malware runs in the security context of the logged-in user, so a standard (non-administrator) account limits what it can change on the system.
- Do not allow users to disable (even temporarily) anti-malware software and controls.
- Disable remote desktop connections.
- Apply operating system and application security patches expediently.
- Enable browser-based controls, including pop-up blocking, download screening, and automatic updates.
- Implement an enterprise-wide antivirus / anti-malware application. Configure it to update its signatures and engine as frequently as possible, because many new pieces of malicious code are released daily.
Malware Detection Controls
Detection controls should identify the presence of malware, alert the user (or network administrator), and, in the best case, stop the malware from carrying out its mission. Detection should occur at multiple levels: at the entry point of the network, on all hosts and devices, and at the file level. Detection controls include the following:
- Real-time firewall detection of suspicious file downloads.
- Real-time firewall detection of suspicious network connections.
- Host- and network-based intrusion detection and intrusion prevention systems (IDS/IPS).
- Review and analysis of firewall, IDS, operating system, and application logs for indicators of compromise.
- User awareness to recognize and report suspicious activity.
- Help desk (or equivalent) training to respond to malware incidents.
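The last three network-level controls above (flagging suspicious downloads, flagging suspicious connections, and reviewing firewall logs for indicators of compromise) come down to matching log records against a small set of indicators. The following Python script is an added example, not code from the article or from the book it excerpts: it parses a constructed proxy/firewall log, flags downloads of executable content, connections to a blocklisted IP or to a port a workstation should never initiate traffic to, and repeated connections to one destination that look like beaconing. The log format, the indicator lists, and the beaconing threshold are all assumptions made for the example; in practice the indicators would come from a threat-intelligence feed and your own incident history.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines for this example (not from a real system).
SAMPLE_LOG = """\
2024-03-01T09:12:03Z src=10.0.1.15 dst=93.184.216.34 dport=443 action=allow url=https://example.com/index.html
2024-03-01T09:12:41Z src=10.0.1.15 dst=198.51.100.7 dport=80 action=allow url=http://cdn-updates.example.net/invoice.pdf.exe
2024-03-01T09:13:02Z src=10.0.1.22 dst=203.0.113.9 dport=4444 action=allow url=-
2024-03-01T09:13:05Z src=10.0.1.22 dst=203.0.113.9 dport=4444 action=allow url=-
2024-03-01T09:13:09Z src=10.0.1.22 dst=203.0.113.9 dport=4444 action=allow url=-
2024-03-01T09:15:30Z src=10.0.1.30 dst=93.184.216.34 dport=443 action=allow url=https://example.com/docs/report.pdf
"""

# Indicators of compromise, assumed for the example. Real deployments load
# these from a threat-intelligence feed or from past incidents.
BLOCKLISTED_IPS = {"203.0.113.9"}
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".ps1")
# Ports a workstation has no business initiating connections to (assumed).
SUSPICIOUS_PORTS = {4444, 1337, 6667}
# Repeated connections from one host to one dst:port within the log window.
BEACON_THRESHOLD = 3

# Assumed key=value log layout; adjust the pattern for your firewall's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"action=(?P<action>\S+) url=(?P<url>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def analyze(log_text):
    """Return a list of (source host, reason) findings for IOC matches."""
    findings = []
    pair_counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently trusted
        if rec["dst"] in BLOCKLISTED_IPS:
            findings.append((rec["src"], f"connection to blocklisted IP {rec['dst']}"))
        if rec["dport"] in SUSPICIOUS_PORTS:
            findings.append((rec["src"], f"outbound connection to suspicious port {rec['dport']}"))
        url = rec["url"].lower()
        if url != "-" and url.endswith(SUSPICIOUS_EXTENSIONS):
            findings.append((rec["src"], f"download of executable content {rec['url']}"))
        pair_counts[(rec["src"], rec["dst"], rec["dport"])] += 1
    # Beaconing check runs after the pass so counts cover the whole window.
    for (src, dst, dport), n in pair_counts.items():
        if n >= BEACON_THRESHOLD:
            findings.append((src, f"{n} repeated connections to {dst}:{dport} (possible beaconing)"))
    return findings


def summarize(findings):
    """Collapse repeated hits into {source host: sorted list of distinct reasons}."""
    by_host = defaultdict(set)
    for src, reason in findings:
        by_host[src].add(reason)
    return {src: sorted(reasons) for src, reasons in by_host.items()}


if __name__ == "__main__":
    for host, reasons in sorted(summarize(analyze(SAMPLE_LOG)).items()):
        print(host)
        for reason in reasons:
            print("  -", reason)
```

The summary step matters in practice: three raw lines to the same blocklisted address produce six raw findings, but an analyst wants one alert per host per reason. Hosts with no findings, like 10.0.1.30 in the sample, do not appear in the summary at all.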
Note: This article contains excerpts from Security Program and Policies: Principles and Practices (2nd Edition) by Sari Greene.