By using blacklists and whitelists to control applications and identify rogue software, businesses can greatly reduce their attack surface. Keeping current with the latest versions of the browsers and productivity tools essential to business operations can reduce the number of infections dramatically.
In addition, because security has become an exercise in risk management, every IT department should conduct its own risk assessment when evaluating software packages. Certain packages introduce higher risk and may not make sense to deploy in your environment.
Finally, advanced malware protection also requires retrospective security: the ability to alert on and protect against files that were previously classified as safe but subsequently identified as malware. Because today's advanced malware can disguise itself as safe, pass through defenses unnoticed and later exhibit malicious behavior, this is an important capability for minimizing damage and remediating after an attack.
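The retrospective check described above can be sketched as a ledger of file sightings that is re-evaluated whenever verdicts change. This is an added example, not code from the article or from any vendor product; the record fields, function names, hosts, paths and hash values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Sighting:
    sha256: str            # file hash recorded when the file was first seen
    host: str
    path: str
    seen_at: datetime
    verdict_at_time: str   # "clean", "unknown" or "malicious" (assumed labels)

def retrospective_alerts(sightings, updated_verdicts):
    """Sightings that were allowed when seen but whose hash is malicious now."""
    hits = [s for s in sightings
            if s.verdict_at_time != "malicious"               # it got through
            and updated_verdicts.get(s.sha256) == "malicious"]  # reclassified
    return sorted(hits, key=lambda s: s.seen_at)               # oldest first

def hosts_to_remediate(alerts):
    """Group alerts by host: earliest exposure time and affected paths."""
    scope = {}
    for s in sorted(alerts, key=lambda a: a.seen_at):
        entry = scope.setdefault(s.host, {"first_seen": s.seen_at, "paths": []})
        if s.path not in entry["paths"]:
            entry["paths"].append(s.path)
    return scope

# Constructed sample data: placeholder hashes, not real indicators.
HASH_A, HASH_B, HASH_C = "a" * 64, "b" * 64, "c" * 64
SIGHTINGS = [
    Sighting(HASH_A, "ws-014", r"C:\Users\kim\Downloads\invoice.exe",
             datetime(2013, 5, 2, 9, 15), "clean"),
    Sighting(HASH_A, "ws-031", r"C:\Temp\invoice.exe",
             datetime(2013, 5, 1, 16, 40), "unknown"),
    Sighting(HASH_B, "ws-014", r"C:\Tools\putty.exe",
             datetime(2013, 5, 2, 10, 0), "clean"),
    Sighting(HASH_C, "ws-022", r"C:\Temp\dropper.exe",
             datetime(2013, 5, 3, 8, 5), "malicious"),  # blocked on arrival
]
# Verdicts after a later intelligence update: HASH_A has been reclassified.
UPDATED_VERDICTS = {HASH_A: "malicious", HASH_B: "clean", HASH_C: "malicious"}

if __name__ == "__main__":
    alerts = retrospective_alerts(SIGHTINGS, UPDATED_VERDICTS)
    for host, info in hosts_to_remediate(alerts).items():
        print(host, info["first_seen"].isoformat(), info["paths"])
```

The earliest sighting per host gives responders the start of the exposure window to investigate, which prevention-time blocking alone cannot provide.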
Given today's threat landscape, advanced malware detection and protection should really extend beyond blocking and prevention to highlight security intelligence, analytics, incident detection and response, as well as lessons learned. Businesses need to shift from tools that are mere gateways to an enterprise network security approach for better protection against a broader range of threats and vulnerabilities over time.
Indeed, today's malware is more damaging and more difficult to defeat than any other threat businesses have experienced in the past. By extending protection beyond just blocking and detection to include the power of big data analytics, intelligent controls and retrospective security, we can stop malware at the source and truly eliminate it.
Ammar Hindi is Managing Director, APAC, Sourcefire.