6 Technologies That Will Expand Your Anti-Malware Arsenal


We've talked quite a bit this year on the blog about malware. And for good reason: Malware plays a significant role in many of the massive data breaches that are making regular headlines. Malware can be used for any number of damaging functions, including establishing an initial foothold within an organization or capturing sensitive information and sending it back to an attacker-owned server.

Thus, it's no surprise that targeted malware was the threat IT professionals felt the most pressure to protect against, according to our 2014 Security Pressures Report. Often, the malware used in these attacks is custom designed to evade traditional detection. Legacy, signature-based methods simply don't have the intelligence to stand up to today's more sophisticated attacks. As such, IT and security professionals must consider anti-malware services and technology that use a behavioral and conditions-based approach and are designed to identify malware - including zero-day attacks and blended and advanced persistent threats - in real time.

But that's not all practitioners need. Detecting and deflecting malware is the most important piece of the puzzle, but there are other critical components. In a targeted operation, where the adversaries' goal is to remain unidentified for as long as possible so they can siphon out as much confidential information as possible, defenders must consider other technological tactics (delivered either on-premises or as a managed service) that can both prevent a compromise and signal that a breach is underway.

Here are six additional technologies and services that organizations should consider after they've deployed effective anti-malware protection:

1. Network Access Control: This vets unmanaged devices attempting to connect to the network and, as a result, helps keep a contaminated endpoint from spreading malware.

2. Security Testing: Also known as ethical hacking, this exercise evaluates the ability of applications and networks to withstand attack, allowing you to identify potential vulnerabilities that could let malware enter an environment and propagate once inside.

3. Web Application Firewall: Malware often enters through the email channel via a phishing link or attachment, but attackers also fancy the web application layer to launch malware attacks via SQL injection and cross-site scripting. WAFs provide the shield to help close off this layer as a viable vector.

4. SIEM: This threat management technology comes in handy when hackers are already in the midst of their attack, particularly at the stage when they are either conducting reconnaissance or trying to move laterally within a network toward higher-value targets. During these phases, attackers often attempt to elevate their access and privileges - and typically use tools to steal weak credentials and access critical systems. SIEM increases network visibility and monitoring, and enables an organization to collect, analyze and correlate events that may signal unusual activity.

5. Database Scanning: The goal of most hackers is to ultimately land on the repository that houses an organization's crown jewels: the database. That's why it's imperative to scan that database to uncover weaknesses like missing patches, configuration errors and easily crackable passwords.

6. Data Loss Prevention: If all of these efforts have failed and the infiltrators have used malware to get their hands on what they are after, data loss prevention can help identify sensitive information as it moves and halt it before it goes out the back door.
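To make the SIEM point in item 4 concrete, here is an added example (not Trustwave's code or any product's logic) of the kind of event correlation a SIEM performs. It parses a constructed, simplified SSH-style authentication log (the line format, host names, user names and addresses are all made up for the example) and applies two rules that map onto the phases described above: a burst of failed logins followed by a success for the same account and source (credential guessing that worked), and one account authenticating to several distinct hosts within a short window (lateral movement). Thresholds and windows are arbitrary illustrative values.

```python
"""Toy SIEM-style correlation over constructed authentication events.

Added example, not Trustwave's code. The log format is a constructed,
simplified syslog-like line:
    <ISO timestamp> <host> sshd: user=<u> src=<ip> result=ACCEPTED|FAILED
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hosts, users and addresses are invented).
SAMPLE_LOG = """\
2014-06-02T09:00:01 web01 sshd: user=svc_backup src=10.0.5.23 result=FAILED
2014-06-02T09:00:03 web01 sshd: user=svc_backup src=10.0.5.23 result=FAILED
2014-06-02T09:00:04 web01 sshd: user=svc_backup src=10.0.5.23 result=FAILED
2014-06-02T09:00:06 web01 sshd: user=svc_backup src=10.0.5.23 result=FAILED
2014-06-02T09:00:07 web01 sshd: user=svc_backup src=10.0.5.23 result=FAILED
2014-06-02T09:00:09 web01 sshd: user=svc_backup src=10.0.5.23 result=ACCEPTED
2014-06-02T09:02:10 db01 sshd: user=svc_backup src=10.0.5.23 result=ACCEPTED
2014-06-02T09:03:40 files01 sshd: user=svc_backup src=10.0.5.23 result=ACCEPTED
2014-06-02T09:04:15 hr01 sshd: user=svc_backup src=10.0.5.23 result=ACCEPTED
2014-06-02T09:30:00 web01 sshd: user=alice src=10.0.8.40 result=FAILED
2014-06-02T09:30:20 web01 sshd: user=alice src=10.0.8.40 result=ACCEPTED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>ACCEPTED|FAILED)$"
)


def parse_events(text):
    """Turn raw log text into time-ordered event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when a (user, src) pair has >= threshold failures and then succeeds within window."""
    failures = defaultdict(list)  # (user, src) -> timestamps of recent failures
    alerts = []
    for e in events:
        key = (e["user"], e["src"])
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        failures[key] = recent
        if e["result"] == "FAILED":
            failures[key].append(e["ts"])
        elif len(recent) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "user": e["user"],
                           "src": e["src"], "host": e["host"],
                           "failures": len(recent), "ts": e["ts"]})
            failures[key] = []  # reset so one burst yields one alert
    return alerts


def detect_lateral_movement(events, min_hosts=3, window=timedelta(minutes=10)):
    """Alert once per account that logs in to >= min_hosts distinct hosts within window."""
    accepted = defaultdict(list)  # user -> list of (ts, host) successes
    alerted = set()
    alerts = []
    for e in events:
        if e["result"] != "ACCEPTED":
            continue
        history = [(t, h) for t, h in accepted[e["user"]] if e["ts"] - t <= window]
        history.append((e["ts"], e["host"]))
        accepted[e["user"]] = history
        hosts = {h for _, h in history}
        if len(hosts) >= min_hosts and e["user"] not in alerted:
            alerted.add(e["user"])
            alerts.append({"rule": "lateral_movement", "user": e["user"],
                           "hosts": sorted(hosts), "ts": e["ts"]})
    return alerts


def correlate(text):
    """Run every rule over the parsed events and return the combined alert list."""
    events = parse_events(text)
    return detect_bruteforce_success(events) + detect_lateral_movement(events)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the first rule fires for `svc_backup` after five failures and one success from the same address, and the second fires once that account has reached three different hosts; `alice`, who mistyped a password once, trips nothing. The value of the SIEM is exactly this cross-host, cross-event view: any single host in the sample sees at most a handful of ordinary-looking logins.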

Preparing for and detecting malware, especially when it arrives in a targeted manner, is an enduring challenge for organizations of all sizes. But by building an anti-malware approach around a web security gateway, and complementing it with defense-in-depth technologies such as the ones mentioned above, organizations can better protect themselves.

Perhaps that means you will be able to flush the bad guys out - or they will leave themselves, deciding that your business is simply not worth the financial and time-intensive effort to attack.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
