A recent analysis of network traffic in thousands of organizations found the majority of them were hosting malware and bots, a clear signal that it is time for companies to move quickly to modern-day methods for detecting malicious software, experts say.
A report released this week on the analysis performed by security vendor Check Point Software Technologies had enough scary bullet points to keep most CSOs up at night.
Two of the most troubling were that 84 percent of the organizations had systems infected with malware and nearly three-fourths of the study's subjects had at least one bot on their network.
Standalone numbers, particularly on infection rates, do not necessarily point to a serious problem, since not all malware is the same. Some are far more serious than others.
"Malware percentages, malware infection counts and all those kinds of things are somewhat nebulous in nature," Tyler Shields, analyst for Forrester Research, said. "It is sometimes hard to define exactly what an infection is and exactly what a piece of malware is."
What is troubling in the 2014 Security Report are the trends. Check Point found the percentage of organizations with someone downloading malware every two hours or less grew threefold to 58 percent in 2013 from 14 percent in 2012.
The study also found that the percentage of organizations with a bot increased to 73 percent from 63 percent year to year. Check Point also found 77 percent of the bots were active for more than four weeks.
What these numbers show is that traditional signature-based security, such as anti-virus software, "is dead," as Brian Dye, Symantec's senior vice president for information security, told The Wall Street Journal this week.
"We don't think of anti-virus as a moneymaker in any way," Dye said.
That's a telling statement from a company whose business depended on selling AV software for more than two decades.
Unfortunately, too many companies still depend on AV technology, which contributes to the high numbers cited in studies like Check Point's. Those businesses have to shift tactics toward looking for events in hardware, software and network traffic that would point to an anomaly indicative of malware.
"My recommendation is to spend more money on legitimate detection, as opposed to relying on detection that has been antiquated and hasn't worked for the better part of a decade," Shields said.
Examples of more effective approaches would include egress filtering, which is the practice of monitoring and possibly restricting the flow of information moving from one network to another.
Other options include intrusion detection systems and detonation chamber technology that can be used to isolate potential malware for examination.
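Egress filtering, in the sense described above, comes down to a default-deny outbound policy plus a review of what the policy denied. The following is an added illustration, not code from the article or from Check Point, Forrester or Symantec: a small Python policy evaluator run over constructed flow records. Every address, rule and host in it is an assumption (the external addresses use RFC 5737 documentation ranges), and the flows are sample data, not observations from the report.

```python
"""Egress filtering as a default-deny outbound policy, evaluated over
constructed flow records.  Added example; the policy, hosts and flows are
all assumptions and not data from the Check Point report."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Assumed internal address space; any destination outside it is egress.
INTERNAL = ip_network("10.0.0.0/8")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    """One allow rule: src_net -> dst_net on proto/dst_port (0 = any port)."""
    src_net: IPv4Network
    dst_net: IPv4Network
    proto: str
    dst_port: int
    note: str


# Assumed egress policy: only designated internal services may reach the
# outside directly; workstations are confined to one vendor host.
# Anything not matched here is denied (default deny).
POLICY = [
    Rule(ip_network("10.0.0.80/32"), ANY, "tcp", 443, "web proxy to any HTTPS site"),
    Rule(ip_network("10.0.0.80/32"), ANY, "tcp", 80, "web proxy to any HTTP site"),
    Rule(ip_network("10.0.0.53/32"), ANY, "udp", 53, "internal resolver to upstream DNS"),
    Rule(ip_network("10.0.0.25/32"), ANY, "tcp", 25, "mail relay to remote MTAs"),
    Rule(INTERNAL, ip_network("203.0.113.10/32"), "tcp", 443, "vendor update server"),
]


@dataclass(frozen=True)
class Flow:
    """A simplified outbound flow record (constructed sample data)."""
    src: str
    dst: str
    proto: str
    dst_port: int


def matches(rule: Rule, flow: Flow) -> bool:
    """True when the flow falls inside the rule's source, destination, protocol and port."""
    return (
        ip_address(flow.src) in rule.src_net
        and ip_address(flow.dst) in rule.dst_net
        and flow.proto == rule.proto
        and rule.dst_port in (0, flow.dst_port)
    )


def classify(flow: Flow) -> str:
    """Return 'internal' (not egress), 'allowed' (matched a rule) or 'denied'."""
    if ip_address(flow.dst) in INTERNAL:
        return "internal"
    return "allowed" if any(matches(r, flow) for r in POLICY) else "denied"


def denied_by_source(flows):
    """Group denied egress flows by internal source: the view an analyst reviews
    to spot hosts repeatedly trying to leave the network by disallowed paths."""
    out = defaultdict(list)
    for f in flows:
        if classify(f) == "denied":
            out[f.src].append((f.dst, f.proto, f.dst_port))
    return dict(out)


# Constructed sample flows; external addresses are RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    Flow("10.0.1.5", "203.0.113.10", "tcp", 443),   # workstation -> vendor host: allowed
    Flow("10.0.0.80", "198.51.100.7", "tcp", 443),  # proxy -> web site: allowed
    Flow("10.0.1.5", "198.51.100.7", "tcp", 443),   # workstation bypassing the proxy: denied
    Flow("10.0.1.9", "192.0.2.44", "udp", 53),      # direct external DNS, bypassing resolver: denied
    Flow("10.0.1.9", "192.0.2.44", "tcp", 6667),    # unexpected service port: denied
    Flow("10.0.0.53", "192.0.2.1", "udp", 53),      # resolver -> upstream DNS: allowed
    Flow("10.0.1.5", "10.0.2.7", "tcp", 445),       # internal destination, not egress
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{classify(f):8s} {f.src} -> {f.dst}:{f.dst_port}/{f.proto}")
    print(denied_by_source(SAMPLE_FLOWS))
```

The design point is that the allowlist names the few internal services that legitimately speak to the outside (proxy, resolver, mail relay), so a workstation reaching the Internet on its own is denied regardless of port; the grouped denials are what the article's "legitimate detection" would feed on, since a host that keeps failing the policy toward the same destination is the kind of anomaly worth a second look.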