Antivirus software alone isn't enough to keep your corporate data safe
February 9, 2015
It's a well-known fact that TJX hacker Albert Gonzalez laughs at antivirus tools, and that he never took them seriously.
To be sure, Gonzalez and his team of hackers wrote malware specifically designed to evade their detection.
One can imagine him scoffing as his team of hackers broke into corporate networks using SQL injection attacks and gained administrative access not so long ago.
Gonzalez uploaded the malware directly into a server's memory, and when the corporate networks began happily delivering customer credit card data directly to his servers he laughed even more.
Gonzalez was perhaps the biggest cyber criminal in history. He was eventually jailed for hacking more than 250 companies, ranging from retailers such as TJX and grocery chain Hannaford Brothers through to payment processing company Heartland.
Gonzalez pilfered data from under the noses of all those companies and cost them hundreds of millions of dollars.
Even though many of those companies had antivirus software installed on their servers, they didn’t detect what he was doing.
To be sure, antivirus software is a crucial part of any security arsenal and every day malware scanners the world over detect and throttle millions of malicious software strains.
This is not a category of software that we should live without. Antivirus tools work by scanning both static files and programs running in memory.
They use several techniques to detect malicious activity. Signature scanning, which looks for known patterns in files, is a well-established method of finding known malicious code; in-memory scanning runs alongside the programs on the machine and watches for potentially malicious activity as it happens.
These are solid, reliable tools but when attackers are determined enough, antivirus software alone may not stop them from grabbing sensitive corporate data.
The malware industry thrives on zero-day attacks – exploits using obscure or completely unknown security vulnerabilities. A hacker smart enough to devise one – and there are plenty – can get past malware detectors fairly easily.
Clever IT managers use complementary technologies to reduce the risk of attack, and one is to keep a constant watch on the channels through which malware can be delivered.
Web protection software can reduce that risk by blacklisting certain sites or categories of websites. Filtering web access is also a good way to reduce the risk of infection, simply by prohibiting access to websites that are not needed for work.
It also complements antivirus software, which will attempt to detect anything installed via the browser.
This multi-faceted protection is a basic tenet of modern cyber security. All it takes is for one single user to open a file or click on a link and you can say goodbye to the integrity of your corporate network.
Another very important vector is email; in fact it's one of the most critical. It has gained huge traction among attackers, who use it for phishing and, in some cases, spear phishing targeting specific companies.
Attackers can gather information about a company's organizational structure and about various employees in different departments. The list of sources is endless, ranging from annual reports through to social media posts and other day-to-day information in a typical workplace.
These can be used to socially engineer employees to obtain login details or have them open a file containing a zero-day attack.
Employee training is all-important, but it must be backed by a technological solution as well. All it takes is for one user to open a file or click on a link to a fake IT administrator page asking them to enter their single sign-on password as part of a security audit, and you can wave goodbye to the integrity of your network.
One of the best ways to counter threats delivered via email is to choke them off before employees even see them. Monitoring and filtering emails is therefore an important part of any corporate cyber-security strategy.
Email can be scanned for viruses, and it can be controlled still further by scanning for known spam signatures and characteristics. This alone can root out the lion's share of malicious or pestering emails, increasing employee productivity as well as reducing the risk of compromising the security of the network.
Adding blacklists for known bad domains and whitelists for recognized sources, such as business partners and customers, can be an extra-useful technique for locking email down.
The further that companies can keep unscrubbed email away from their IT architectures the better. Unfiltered email streams contain not only infected files but also large volumes of spam, which serve only to clog bandwidth and servers.
Having those messages filtered offsite by a third-party service also mitigates the problem, ensuring that only clean communications touch the company's servers.
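The layered mail filter described above (virus/attachment scanning, spam signatures, a blacklist of bad domains and a whitelist of recognized partners), as an added example that is not part of the original article; the policy lists, the regex signatures and the sample messages are all constructed for illustration, and the ordering of the checks is the point being shown.

```python
import re
from email import message_from_string
from email.message import EmailMessage

WHITELIST_DOMAINS = {"partner.example", "customer.example"}  # constructed: recognised sources
BLACKLIST_DOMAINS = {"badsite.example"}                       # constructed: known bad domains
SPAM_SIGNATURES = [re.compile(r"security audit.*single sign-?on", re.I | re.S),
                   re.compile(r"verify your (password|account)", re.I)]
BLOCKED_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".jar")  # crude stand-in for a virus scan

def sender_domain(msg):
    m = re.search(r"@([\w.-]+)>?\s*$", msg.get("From", ""))
    return m.group(1).lower() if m else ""

def body_text(msg):
    return " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                    for p in msg.walk() if p.get_content_type() == "text/plain")

def classify(raw):
    """Return 'reject', 'quarantine' or 'deliver'. Order matters: blacklist first,
    attachment policy before the whitelist (a partner can be compromised), content last."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if domain in BLACKLIST_DOMAINS:
        return "reject"
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(BLOCKED_EXTENSIONS):
            return "quarantine"
    if domain in WHITELIST_DOMAINS:
        return "deliver"
    text = msg.get("Subject", "") + " " + body_text(msg)
    if any(sig.search(text) for sig in SPAM_SIGNATURES):
        return "quarantine"
    return "deliver"

def build(sender, subject, body, attachment=None):
    """Construct a sample message (constructed test data, not captured mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@corp.example", subject
    m.set_content(body)
    if attachment:  # (filename, bytes)
        m.add_attachment(attachment[1], maintype="application",
                         subtype="octet-stream", filename=attachment[0])
    return m.as_string()

PHISH = build("it-helpdesk@mail-login.example", "Security audit",
              "As part of a security audit, confirm your single sign-on password here.")
PARTNER = build("alice@partner.example", "Q1 invoice", "Invoice attached as PDF.")
PARTNER_EXE = build("alice@partner.example", "Update", "Run this.", ("patch.exe", b"MZ"))
BLOCKED = build("promo@badsite.example", "Win a prize", "Click now.")
```

A whitelist keyed on the From domain is only meaningful if the gateway has already verified that header (SPF/DKIM/DMARC); without that, the whitelist becomes the easiest path around the other checks.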
Source: Sun Hosting, security dept.