Cyber Security and Malware Detection
There is no question that advanced cyber security threats, including advanced malware, botnets, APTs (advanced persistent threats) and targeted attacks, pose an extremely high risk to organisations of many sizes. Whether a small business network is inadvertently compromised and becomes part of a spam botnet, or a large global brand's enterprise is targeted in an effort to extract corporate information and intellectual property, it is a constant battle to stay ahead of highly motivated cyber criminals, even with a strong defence-in-depth approach.
Additional layers of protection, such as signature-based malware detection, certainly play a key role in defending against threats of this sort, but with DIY malware construction kits and exploit kits freely available, it is increasingly easy to create new malware that simply evades seemingly complex enterprise-level defences. Working in an offensive capacity, as security architects, we need to leverage as many innovative technologies as make sense for the threat at hand, and solutions such as botnet and advanced malware detection can play a key role in providing pre- and post-infection blocking and alerting.
These solutions take various approaches to dealing with this threat. Some are placed at strategic points on an organisation's network and watch for suspicious traffic, leveraging a global intelligence database of known bad behaviours such as suspicious DNS lookups or anomalous traffic flows; this can pinpoint infected assets and provide a post-infection remediation risk factor to prioritise incident response efforts. Other solutions take a sandboxing approach, leveraging virtualisation technology to inspect the behaviour of suspicious payloads: the infection is watched in real time, and the output is either a set of mitigation activities ensuring protection from that specific type of malicious code, or the payload is passed on if all is well.
We have a deep awareness of the new innovations in this security toolset, which can supplement your other security defences against APTs by providing protection from inbound attacks and outbound callbacks. We can work with you to choose the right cyber security and malware detection technology from vendors such as Damballa, FireEye, neuralIQ and others, integrating this control into your IT security architecture and security operations to aid your defence and forensic capabilities against APTs.