Dark Reading: How To Detect And Root Out Sophisticated Malware
New report offers insights on excising that hard-to-detect malware

May 24, 2012
By John H. Sawyer

[Excerpted from "Rooting Out Sophisticated Malware," a new report posted this week on Dark Reading's Advanced Threats Tech Center.]

Malware authors are developing new malware variants at a breakneck pace. Not so long ago, malware defense meant recognizing a virus or a Trojan horse and eradicating it. But today’s advanced malware is designed to be resistant to detection and removal. Malware authors also have developed many new techniques for hiding malware or making it appear benign by tunneling its command-and-control traffic as part of standard HTTP or encrypted HTTPS traffic.

The goal of enterprise malware-prevention efforts should be to stop malware from ever getting to the desktop. To do that, analysis, detection, and prevention need to take place at the network layer. Starting at the perimeter, content filtering gateways, next-generation firewalls, and new network-based malware detection appliances provide the first layer of defense. They have the ability to analyze traffic, detect malicious files, and prevent malware from ever getting to its intended target.

The concern, of course, is whether these systems can keep up with the ever-increasing number of new malware specimens being released daily, and whether they can efficiently deal with increasing network throughput demands.
