6 Technologies That Will Expand Your Anti-Malware Arsenal


We've talked quite a bit this year on the blog about malware. And for good reason: Malware plays a significant role in many of the massive data breaches that are making regular headlines. Malware can be used for any number of damaging functions, including establishing an initial foothold within an organization or capturing sensitive information and sending it back to an attacker-owned server.

Thus, it's no surprise that targeted malware was the threat IT professionals felt the most pressure to protect against, according to our 2014 Security Pressures Report. Often, the malware used in these attacks is custom built to evade traditional detection: signature-based methods can only match samples they have already seen, so a fresh build slips past them. As such, IT and security professionals must consider anti-malware services and technology that take a behavioral, conditions-based approach and are designed to identify malware - including zero-day exploits, blended attacks and advanced persistent threats - in real time.

But that's not all practitioners need. Detecting and deflecting malware is the most important piece of the puzzle, but there are other critical components. In a targeted operation, where the adversaries' goal is to remain unidentified for as long as possible so they can siphon out as much confidential information as possible, defenders must consider other technological tactics (delivered either on-premises or as a managed service) that can both prevent a compromise and signal that a breach is underway.

Here are six additional technologies and services that organizations should consider after they've deployed effective anti-malware protection:

1. Network Access Control: This checks the identity and security posture of devices, managed or not, before they are allowed onto the network, and can quarantine those that fail. As a result, it helps keep a contaminated endpoint from spreading malware to the rest of the environment.

2. Security Testing: Also known as ethical hacking or penetration testing, this exercise evaluates how well your applications and network withstand attack, allowing you to identify the vulnerabilities that could let malware enter and then propagate once inside the environment.

3. Web Application Firewall: Malware often enters through the email channel via a phishing link or attachment, but attackers also favor the web application layer, exploiting SQL injection and cross-site scripting flaws to compromise the server or its users and deliver malware from there. A WAF filters these attack patterns before they reach the application, helping to close off this layer as a viable vector. It complements, rather than replaces, fixing the underlying flaw in the application code.

4. SIEM: This threat management technology comes in handy when attackers are already in the midst of their operation, particularly at the stage when they are conducting reconnaissance or trying to move laterally across the network toward higher-value targets. During these phases, attackers often attempt to elevate their access and privileges, and typically use tools to harvest weak or reused credentials and reach critical systems. A SIEM increases network visibility and monitoring, and enables an organization to collect, analyze and correlate events (such as failed logons, successful logons and privilege changes across many hosts) that, taken together, signal unusual activity.

5. Database Scanning: The ultimate goal of most attackers is to land on the repository that houses an organization's crown jewels: the database. That's why it's imperative to scan that database to uncover weaknesses such as missing patches, configuration errors, excessive privileges and weak or default passwords.

6. Data Loss Prevention: If all of these efforts have failed and the infiltrators have used malware to get their hands on what they are after, data loss prevention can help identify and halt sensitive information from going out the back door.
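The correlation described in item 4 above, as an added example that is not part of the original post or any Trustwave product: a minimal SIEM-style rule engine run over constructed authentication events. It flags the two signals the item mentions, a burst of failed logons followed by a success from the same source (credential guessing) and one account reaching several hosts from one workstation in a short window (lateral movement). The `key=value` event format, the host and user names, and the thresholds are all assumptions chosen for the illustration.

```python
# Added example (not code from the original post): a minimal SIEM-style
# correlation over constructed authentication events. Log format, names and
# thresholds are assumptions; real input would be Windows 4624/4625 events,
# syslog, etc., normalised to this shape by the SIEM's collectors.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs), deliberately out of time order
# to show that the correlator sorts before it evaluates.
SAMPLE_EVENTS = [
    "2014-06-02T08:58:00 LOGON_FAILED src=ws-042 user=alice dst=fs01",
    "2014-06-02T08:58:20 LOGON_SUCCESS src=ws-042 user=alice dst=fs01",
    "2014-06-02T09:00:01 LOGON_FAILED src=ws-017 user=svc_backup dst=fs01",
    "2014-06-02T09:00:09 LOGON_FAILED src=ws-017 user=svc_backup dst=fs01",
    "2014-06-02T09:00:17 LOGON_FAILED src=ws-017 user=svc_backup dst=fs01",
    "2014-06-02T09:00:25 LOGON_FAILED src=ws-017 user=svc_backup dst=fs01",
    "2014-06-02T09:00:33 LOGON_FAILED src=ws-017 user=svc_backup dst=fs01",
    "2014-06-02T09:01:10 LOGON_SUCCESS src=ws-017 user=svc_backup dst=fs01",
    "2014-06-02T09:30:00 LOGON_SUCCESS src=ws-042 user=alice dst=mail01",
    "2014-06-02T09:04:00 LOGON_SUCCESS src=ws-017 user=svc_backup dst=db02",
    "2014-06-02T09:06:30 LOGON_SUCCESS src=ws-017 user=svc_backup dst=dc01",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGON_FAILED|LOGON_SUCCESS) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+)$"
)


def parse_event(line):
    """Parse one event line into a dict; reject anything that does not match."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines, fail_threshold=5, fail_window=timedelta(minutes=5),
              fanout_threshold=3, fanout_window=timedelta(minutes=10)):
    """Return the alerts raised over the events, evaluated in time order."""
    alerts = []
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    reached = defaultdict(dict)     # (src, user) -> {dst: time of last success}
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    for ev in events:
        key, now = (ev["src"], ev["user"]), ev["ts"]
        q = failures[key]
        while q and now - q[0] > fail_window:   # forget failures outside the window
            q.popleft()
        if ev["event"] == "LOGON_FAILED":
            q.append(now)
            continue
        # Rule 1: a success preceded by a burst of failures from the same source
        if len(q) >= fail_threshold:
            alerts.append({"rule": "guessing_then_success", "ts": now,
                           "src": ev["src"], "user": ev["user"],
                           "dst": ev["dst"], "failures": len(q)})
            q.clear()   # one alert per burst
        # Rule 2: one account reaching many distinct hosts from one source
        hosts = reached[key]
        for h in [h for h, t in hosts.items() if now - t > fanout_window]:
            del hosts[h]
        new_host = ev["dst"] not in hosts
        hosts[ev["dst"]] = now
        if new_host and len(hosts) >= fanout_threshold:
            alerts.append({"rule": "lateral_fanout", "ts": now,
                           "src": ev["src"], "user": ev["user"],
                           "hosts": sorted(hosts)})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample, the single failed logon by `alice` raises nothing, while `svc_backup` from `ws-017` produces two alerts: the success after five failures, and the third distinct host reached within ten minutes. Both rules key on the source host as well as the account, which is what distinguishes one compromised workstation working through the network from a legitimate user who happens to touch many systems.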

Preparing for and detecting malware, especially when it arrives in a targeted manner, is an enduring challenge for organizations of all sizes. But by anchoring your anti-malware approach on a secure web gateway and complementing it with defense-in-depth technologies, such as the ones mentioned above, organizations can better protect themselves.

Perhaps that means you will be able to flush the bad guys out - or they will leave themselves, deciding that your business is simply not worth the financial and time-intensive effort to attack.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
