6 Technologies That Will Expand Your Anti-Malware Arsenal


We've talked quite a bit this year on the blog about malware. And for good reason: Malware plays a significant role in many of the massive data breaches that are making regular headlines. Malware can be used for any number of damaging functions, including establishing an initial foothold within an organization or capturing sensitive information and sending it back to an attacker-owned server.

Thus, it's no surprise that targeted malware was the threat IT professionals felt the most pressure to protect against, according to our 2014 Security Pressures Report. Often, the malware used in these attacks is custom built to evade traditional detection. Legacy, signature-based methods can only recognize code that has already been seen and catalogued, so they simply don't stand up to today's more sophisticated attacks. As such, IT and security professionals must consider anti-malware services and technology that take a behavioral, condition-based approach and are designed to identify malware, including zero-day attacks, blended threats and advanced persistent threats, in real time.

But that's not all practitioners need. Detecting and deflecting malware is the most important piece of the puzzle, but there are other critical components. In a targeted operation, where the adversaries' goal is to remain unidentified for as long as possible so they can siphon out as much confidential information as possible, defenders must consider other technological tactics (delivered either on-premises or as a managed service) that can both prevent a compromise and signal that a breach is underway.

Here are six additional technologies and services that organizations should consider after they've deployed effective anti-malware protection:

1. Network Access Control: NAC vets devices attempting to connect to the network, unmanaged ones in particular, checking identity and security posture before granting access. As a result, it can isolate a non-compliant or contaminated endpoint so that it cannot spread malware to the rest of the network.

2. Security Testing: Also known as ethical hacking or penetration testing, this exercise evaluates how well your applications and networks withstand attack, allowing you to identify the vulnerabilities that could let malware enter an environment and propagate once inside.

3. Web Application Firewall: Malware often enters through the email channel via a phishing link or attachment, but attackers also favor the web application layer, exploiting flaws such as SQL injection and cross-site scripting to plant malicious content or gain a foothold on the server. A WAF inspects HTTP traffic for these attack patterns and helps close off this layer as a viable vector.

4. SIEM: This threat management technology comes in handy when attackers are already in the midst of their operation, particularly when they are conducting internal reconnaissance or trying to move laterally within the network toward higher-value targets. During these phases attackers often attempt to elevate their access and privileges, typically by using tools to harvest weak or reused credentials and then logging on to critical systems with them. A SIEM increases network visibility and monitoring: it collects, analyzes and correlates events from many systems, so that patterns no single host's log would reveal, such as one source failing logons against many accounts and then succeeding, or one account suddenly logging on to many hosts, stand out as unusual activity.

5. Database Scanning: The ultimate goal of most attackers is to land on the repository that houses an organization's crown jewels: the database. That's why it's imperative to scan databases to uncover weaknesses such as missing patches, configuration errors and weak, easily cracked passwords.

6. Data Loss Prevention: If all of these efforts have failed and the intruders have used malware to get their hands on what they are after, DLP can identify sensitive information in outbound traffic and halt it before it goes out the back door.
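To make the SIEM item (4) concrete, here is a small correlation engine run over constructed logon events. This is an example added to this post, not Trustwave's code or any product's detection logic; the event format (timestamp, Windows-style event ID where 4625 is a failed logon and 4624 a successful one, source IP, account, host), the sample events and the thresholds are all assumptions chosen for illustration. It implements the two patterns mentioned above: a password spray (one source failing against many accounts, then succeeding) and lateral movement (one account reaching many hosts in a short window).

```python
"""SIEM-style correlation over constructed logon events (example, not Trustwave code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, one per line: "<ISO timestamp> <event id> <source IP> <account> <host>".
# Event IDs follow Windows Security log conventions: 4625 = failed logon, 4624 = successful logon.
# The 10.0.5.7 sequence is a password spray followed by logons to four hosts; the rest is benign noise.
SAMPLE_EVENTS = [
    "2014-06-02T08:30:00 4624 10.0.9.9 helen WS-30",
    "2014-06-02T09:00:01 4625 10.0.5.7 alice WS-12",
    "2014-06-02T09:00:05 4625 10.0.5.7 bob WS-12",
    "2014-06-02T09:00:09 4625 10.0.5.7 carol WS-12",
    "2014-06-02T09:00:13 4625 10.0.5.7 dave WS-12",
    "2014-06-02T09:00:17 4625 10.0.5.7 erin WS-12",
    "2014-06-02T09:00:21 4625 10.0.5.7 frank WS-12",
    "2014-06-02T09:00:40 4624 10.0.5.7 frank WS-12",
    "2014-06-02T09:01:00 4625 10.0.8.3 gina WS-20",   # one typo, then success: not a spray
    "2014-06-02T09:01:30 4624 10.0.8.3 gina WS-20",
    "2014-06-02T09:05:00 4624 10.0.5.7 frank FS-01",
    "2014-06-02T09:09:00 4624 10.0.5.7 frank DB-01",
    "2014-06-02T09:12:00 4624 10.0.5.7 frank DC-01",
]

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


def parse_event(line):
    """Split one event line into a dict; timestamps become datetimes so windows can be compared."""
    ts, event_id, src, user, host = line.split()
    return {"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
            "src": src, "user": user, "host": host}


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """One source fails against >= min_accounts distinct accounts and then succeeds, within `window`.

    Reports at most one alert per source, on the first success that follows the spray.
    """
    events = sorted(events, key=lambda e: e["ts"])
    failures_by_src = defaultdict(list)
    alerts, alerted = [], set()
    for ev in events:
        if ev["event_id"] == FAILED_LOGON:
            failures_by_src[ev["src"]].append(ev)
        elif ev["event_id"] == SUCCESS_LOGON and ev["src"] not in alerted:
            recent = [f for f in failures_by_src[ev["src"]] if ev["ts"] - f["ts"] <= window]
            targeted = sorted({f["user"] for f in recent})
            if len(targeted) >= min_accounts:
                alerted.add(ev["src"])
                alerts.append({"rule": "password_spray", "src": ev["src"], "ts": ev["ts"],
                               "accounts_tried": targeted, "compromised": ev["user"]})
    return alerts


def detect_lateral_movement(events, window=timedelta(minutes=30), min_hosts=3):
    """One account logs on to >= min_hosts distinct hosts within `window`; one alert per account."""
    successes = sorted((e for e in events if e["event_id"] == SUCCESS_LOGON), key=lambda e: e["ts"])
    by_user = defaultdict(list)
    for ev in successes:
        by_user[ev["user"]].append(ev)
    alerts = []
    for user, evs in by_user.items():
        for i, ev in enumerate(evs):
            hosts = sorted({e["host"] for e in evs[: i + 1] if ev["ts"] - e["ts"] <= window})
            if len(hosts) >= min_hosts:
                alerts.append({"rule": "lateral_movement", "user": user, "ts": ev["ts"], "hosts": hosts})
                break
    return alerts


def correlate(lines):
    """Parse raw lines and run every rule; returns the combined alert list."""
    events = [parse_event(line) for line in lines]
    return detect_password_spray(events) + detect_lateral_movement(events)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Neither rule fires on any single line; the spray only becomes visible once failures from one source are counted across accounts, and the lateral movement only once successes for one account are counted across hosts. That cross-system counting is the value a SIEM adds over per-host logs, and the window and threshold values are the knobs you tune per environment to balance noise against missed activity.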
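For the data loss prevention item (6), the following example shows the kind of content inspection a DLP control applies to outbound mail or web traffic: spotting payment card numbers and blocking the message. It is an added example, not Trustwave's product or any vendor's DLP engine; the sample messages are constructed, and the card-number pattern, the Luhn check and the redaction format are illustrative choices. The point it makes that the paragraph alone does not is that a digit-pattern match on its own drowns in false positives (order numbers, phone numbers), so a real check validates the candidate before acting on it.

```python
"""Content-inspection check of the kind a DLP control applies to outbound traffic (example, not Trustwave code)."""
import re

# A candidate primary account number (PAN): 13 to 19 digits, optionally separated by
# single spaces or hyphens, and not embedded in a longer run of digits.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed outbound messages: one carries a well-known test card number, one carries a
# 16-digit order reference that fails the Luhn check, and one is clean.
SAMPLE_MESSAGES = [
    "Hi, the quarterly report is attached.",
    "Customer card 4111-1111-1111-1111 exp 12/16, please process the refund.",
    "Order ref 1234567890123456 shipped this morning.",
]


def luhn_valid(digits):
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def inspect_outbound(text):
    """Classify one outbound message.

    Returns (verdict, findings, redacted_text): verdict is "block" when at least one
    Luhn-valid card number is present, otherwise "allow"; findings lists the matched
    PANs; redacted_text keeps only the last four digits of each, for the incident log.
    """
    findings = []

    def redact(match):
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_valid(digits):
            return match.group()      # leave non-card digit runs (order numbers etc.) alone
        findings.append(digits)
        return "[PAN ending " + digits[-4:] + "]"

    redacted = CARD_CANDIDATE.sub(redact, text)
    return ("block" if findings else "allow"), findings, redacted


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict, found, shown = inspect_outbound(msg)
        print(verdict, found, shown)
```

In practice the same structure is extended with further detectors (national ID formats, document fingerprints, keyword dictionaries) and with the business context of the sender and destination, since a card number leaving the payments team for the acquiring bank is expected and the same number leaving a workstation for a webmail service is not.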

Preparing for and detecting malware, especially when it arrives in a targeted manner, is an enduring challenge for organizations of all sizes. But by building an anti-malware approach around a web security gateway and complementing it with defense-in-depth technologies such as the six above, organizations can better protect themselves.

Perhaps that means you will be able to flush the intruders out, or they will leave on their own, deciding that your business is simply not worth the time and money required to attack.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
