You may not have heard of Dr. John Snow, but the methods he adopted over 150 years ago to solve the mystery of a cholera outbreak in London can actually be applied to help businesses get to the heart of a modern-day malware outbreak within their enterprise.
As the story goes, back in 1854 when an outbreak of cholera hit London, John Snow, an English physician, plotted each case on a map and noticed that the incidents occurred primarily near a specific water pump. Upon discovering the pattern, he immediately requested that authorities remove the pump handle and the epidemic, which had claimed nearly 500 lives, soon ended.
Stopping outbreaks at the source
Indeed, when it comes to malware, despite best efforts and multiple layers of security, infections prevail. To truly eliminate malware and the risk of re-infection, businesses have to get to the root of the cause. The challenge here is that most technologies focus solely on detection and give us little recourse after an infection occurs.
The most common way organizations discover an infection is with a call to a help desk. However, they might also learn of an infection when a detection tool is updated and discovers malware previously overlooked. In this case, the detection alert is actually an infection alert, meaning the malware has already permeated the network and has most likely infected a number of devices.
Once malware is identified, it is critical to quickly quarantine and clean the device, minimizing the risks of infecting other devices on the network. Nevertheless, even then, malware is not truly eliminated. This scenario would be the same as if Dr. Snow had simply focused on individuals exhibiting symptoms and treated them. If he had used only that approach, he would have been caught in a never-ending cycle of treating patients and may never have found the root cause of the outbreak.
Just as Dr. Snow analyzed the data points available to him, stopping the spread of malware calls for technologies that use big data analytics to identify 'patient zero' (who was infected first), the application that introduced the malware and the files that are causing it to spread. With that information we can address the infection at the root and avoid re-infection. Identifying the last person infected is equally important: it lets us define the scope of the infection, assess the risk and understand what it will take to control the outbreak.
In addition to the 'who,' understanding 'how' the malware permeated the network is also critical to reducing the risk of re-infection. Identifying the use of non-sanctioned software plays an important role in stopping common vehicles for malware.
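As an added illustration (not code from the article or any product it alludes to), here is a minimal version of that analysis run over constructed endpoint telemetry: first-seen records of file hashes per host, with the process that wrote each file. The host names, hashes and process names are all made up; the function picks out patient zero, the introducing application, the self-propagating files, the last host infected and the overall scope.

```python
from datetime import datetime

# Constructed endpoint telemetry (illustrative only): one record per
# (host, file hash) giving the first time that host saw the file and the
# process image that wrote it to disk. Hashes are placeholder labels.
TELEMETRY = [
    {"host": "hr-03",      "sha256": "H_DROPPER", "seen": "2024-03-04T09:12:00", "writer": "freepdf_installer.exe"},
    {"host": "hr-03",      "sha256": "H_WORM",    "seen": "2024-03-04T09:15:00", "writer": "H_DROPPER"},
    {"host": "finance-07", "sha256": "H_WORM",    "seen": "2024-03-04T11:40:00", "writer": "H_WORM"},
    {"host": "sales-12",   "sha256": "H_WORM",    "seen": "2024-03-05T08:02:00", "writer": "H_WORM"},
    {"host": "sales-12",   "sha256": "H_CLEAN",   "seen": "2024-03-05T08:03:00", "writer": "winword.exe"},
]

# Hashes flagged by a later signature update: the "detection alert that is
# really an infection alert" situation described in the article.
MALICIOUS = {"H_DROPPER", "H_WORM"}


def analyze_outbreak(telemetry, malicious):
    """Return patient zero, the app that introduced the malware, the files
    doing the spreading, the last host infected and the full scope.
    Returns None when no record matches a malicious hash."""
    hits = sorted(
        (r for r in telemetry if r["sha256"] in malicious),
        key=lambda r: datetime.fromisoformat(r["seen"]),
    )
    if not hits:
        return None
    first, last = hits[0], hits[-1]
    # A writer that is itself a malicious hash means malware copied itself
    # onward: that hash is a spreading file, not the app that introduced it.
    spreaders = sorted({r["writer"] for r in hits if r["writer"] in malicious})
    return {
        "patient_zero": first["host"],        # earliest sighting anywhere
        "introducing_app": first["writer"],   # candidate non-sanctioned software
        "spread_files": spreaders,
        "last_infected": last["host"],        # bounds the outbreak window
        "scope": sorted({r["host"] for r in hits}),
    }


if __name__ == "__main__":
    for key, value in analyze_outbreak(TELEMETRY, MALICIOUS).items():
        print(f"{key}: {value}")
```

In a real deployment the telemetry would come from an EDR or file-integrity source and the malicious set from the updated detection tool; the logic is the same.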