4 Steps To Combat Malware Enterprisewide
In the fight against malicious software, it’s not enough to treat individual infected machines. Here’s how to develop a malware strategy that protects an entire campus.
Too often, organizations make the mistake of treating malware infections as a series of independent occurrences. Each time a malicious program is discovered, IT simply cleans up or rebuilds the affected host and then moves on with routine operational tasks. Yet this approach doesn't allow the institution to keep up with the increasingly aggressive and innovative attack tactics employed by malware authors, who design malware to bypass defenses, evade detection, and resist efforts to remove it.
In fact, combating malware in an enterprise environment means not only locating suspicious programs on servers and workstations, but also detecting and interfering with the use of malware on the network. To win the battle for data security, institutions must discover malware propagation attempts and contain infections before they escalate into all-encompassing pandemics. Ultimately, in an enterprise setting, where thousands of heterogeneous computers are loosely connected to perform diverse tasks, malware incidents must be treated as elements of a holistic security incident cycle. The cycle comprises four major phases: Plan, Resist, Detect, and Respond.
Step 1: Plan
As you design an approach to resist, detect, and respond to malware enterprisewide, begin by understanding the threat landscape relevant to your computing environment. This process involves reviewing which infection vectors you're likely to encounter. For instance, common ways for malware to find its way onto systems include:
- Vulnerabilities in client-side software on workstations.
- Vulnerabilities in network-accessible software on servers.
- Social engineering techniques, which often are part of malware-propagation tactics.
- Removable media, such as USB keys.
- Weak passwords of network-accessible accounts.
Which of these infection vectors are likely to be most dangerous to your organization? What technologies and procedures can you implement to prevent malware from propagating through these vectors? These are some of the questions you need to answer when designing your anti-malware architecture.
Next, consider the activities malware might undertake once systems in your enterprise have been infected. For example, common capabilities of malicious programs include downloading updates and instructions, collecting and sending out sensitive data, and propagating to other systems. What measures can you take to make it difficult for malware to perform those actions? It is important to hone your plan to detect and interfere with these activities not only at the endpoint level, but also on servers, on internal network devices, and at the network perimeter.
Another key consideration: You probably won't have the budget to protect all information resources with the same rigor. Keeping financial limitations in mind, catalog potential malware targets (such as your data) across the enterprise and prioritize them by sensitivity, privacy, or any other measure relevant to your organization. Then design your malware security architecture accordingly. Focus on IT resources that process, store, or transmit the most critical data. Don't forget to incorporate into your design not only preventative security controls, but also measures for detecting malware and responding to the associated security incidents.
Once the plan phase is complete, the output often is a set of architectural blueprints, product recommendations, configuration procedures, training plans, and security policies that guide the enterprise through the rest of the security incident cycle.
Step 2: Resist
In the fight against malware, one might say that the best offense is a good defense: that is, when implementing the policies developed in the plan phase of the security cycle, institutions must take steps to resist malicious software attacks in the first place.