At the CISO Platform Annual Summit 2017 we held a panel discussion on the topic "Malware Defense - What More?", with industry stalwarts including Devender Kumar (Vice President & Head - Information Risks & Business Continuity, Mphasis), Ananth Kumar M.S. (VP IT Sec & CISO, Janalakshmi Financial Services), Nitin Gaur (Director-Information Security, Omega Healthcare Management Services Pvt. Ltd.), Ajay Agrawal (Head Security Governance, Risk and Compliance – IRMC, Wipro), and Rejo Thomas (DGM, Exide Life Insurance).
Malware, short for "malicious software", is any computer program designed to infect a legitimate user's computer and harm it in one of many ways. It reaches computers and devices by several routes and comes in many forms, including viruses, worms, Trojans and spyware.
It's vital that all users know:
- What are some of the problems and shortcomings of the common approaches?
- What are the key sources of malware infection?
- What should our mitigation techniques against malware infection be?
Key Learning - Malware Defense - What More?
Basic security hygiene is important:
While we bring new technology into the organisation, nothing can replace basic security hygiene across people, process and technology.
- Basic hygiene includes asset tracking, ID management, patching and vulnerability management.
- People: with a security-aware workforce, the malware threat reduces significantly.
- While we look for better systems and technology, many times we fail to correlate the information we already have to identify potential malware infections.
Key sources of malware infection:
The following are the key sources of malware infection; the enterprise needs a strategy for each and a plan for how it will be mitigated.
- Uncategorized URLs (destinations with no category assigned)
- Malware infections picked up outside the enterprise network
- Credential leaks from non-corporate assets
The following techniques and best practices can be used against malware infection.
- Segmentation to contain the spread.
- Create an incident response team.
- Don't allow endpoint-to-endpoint traffic. Configure the host firewalls on your endpoints to block it; this really helps contain the spread.
- Do a complete root cause analysis when you find malware on an endpoint or server. Don't just format the machine without a complete understanding of the threat.
- Threat intelligence plays a key role. Watch for IOCs and file hashes from major outbreaks, and configure your systems (e.g. SIEM, AV and IPS) to detect them on your network.
- E-mail is the biggest threat vector. Implement sandboxing and advanced malware detection capabilities on your mail gateway.
- Have controls such as a cloud proxy to protect endpoints and the corporate network.
- Most malware exploits vulnerabilities in software, which leads to zero-day style attacks. Endpoint controls should have: behaviour-based analytics for detecting malware such as ransomware; monitoring of all system processes; blocking of memory-resident attacks; root cause analysis that helps the team identify the source of an attack; threat-chain visualisation; and, where possible, automatic reversion of infected files and roll-back of changes.
- Minimise local admin privileges and remote access with admin privileges (RDP access).
- Back up your critical data and ensure the backup process is in place. Most of the time it is roaming users' laptops that are attacked, and they lose their data because the backup process failed.
- Increase user awareness of social engineering attacks, from top management down to associate level.
- Run simulation exercises with the joint effort of all stakeholders at regular intervals, adding the latest threat vectors and scenarios. The IRT team should know the do's and don'ts during such an incident to minimise the impact.
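As an added illustration of two of the items above, the threat-intelligence point (matching IOCs and file hashes in SIEM data) and the behaviour-based detection of ransomware-like activity, the following Python script is example code written for this page; it is not code from the panel, from CISO Platform or from any vendor product. It runs two checks over a constructed endpoint event log: it matches process image hashes and DNS lookups against a small IOC list, and it flags any process that writes an unusual burst of files within a short window, the pattern a file-encrypting ransomware produces. The log format, the IOC values, the host and process names, and the window and threshold numbers are all assumptions made up for the example.

```python
"""Two endpoint detections built on a constructed event log.

Each log line has the form  ts|host|process|kind|value  where kind is
proc_start (value = SHA-256 of the image), dns (value = queried domain)
or file_write (value = path written).  The format is an assumption for
this example, not a real product's log schema.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed threat-intel feed: placeholder values, not real IOCs.
BAD_HASHES = {"deadbeef" * 8}
BAD_DOMAINS = {"malware-c2.example", "bad-update.example"}

# Constructed sample log: normal activity plus one IOC hash hit, one IOC
# domain hit and one process that rewrites 25 documents in 25 seconds.
SAMPLE_LOG = [
    "1000|ws01|winword.exe|file_write|C:\\Users\\a\\report.docx",
    "1005|ws01|winword.exe|file_write|C:\\Users\\a\\report.docx",
    "1010|ws07|svchost.exe|dns|updates.vendor.example",
    "1020|ws07|update.exe|proc_start|" + "deadbeef" * 8,
    "1030|ws03|chrome.exe|dns|MALWARE-C2.example",
] + [
    f"{1100 + i}|ws01|unknown.exe|file_write|C:\\Users\\a\\doc{i}.docx.locked"
    for i in range(25)
]


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since an arbitrary epoch
    host: str
    process: str
    kind: str      # proc_start | dns | file_write
    value: str     # hash, domain or path depending on kind


def parse_line(line: str) -> Event:
    """Parse one pipe-separated log line; raise ValueError on malformed input."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed log line: {line!r}")
    ts, host, process, kind, value = parts
    return Event(int(ts), host, process, kind, value)


def match_iocs(events, bad_hashes=BAD_HASHES, bad_domains=BAD_DOMAINS):
    """Return (host, ioc_type, value) for every event that matches the feed.

    Comparison is case-insensitive because hashes and domains arrive in
    mixed case from different sensors.
    """
    hits = []
    for e in events:
        v = e.value.lower()
        if e.kind == "proc_start" and v in bad_hashes:
            hits.append((e.host, "hash", v))
        elif e.kind == "dns" and v in bad_domains:
            hits.append((e.host, "domain", v))
    return hits


def detect_write_bursts(events, window=60, threshold=20):
    """Flag (host, process) pairs that write >= threshold files within any
    window-second span.  A sliding window over sorted timestamps keeps this
    linear per process; window and threshold are tuning assumptions.
    """
    writes = defaultdict(list)
    for e in events:
        if e.kind == "file_write":
            writes[(e.host, e.process)].append(e.ts)
    flagged = []
    for key, times in sorted(writes.items()):
        times.sort()
        left = 0
        for right, t in enumerate(times):
            while t - times[left] > window:
                left += 1
            if right - left + 1 >= threshold:
                flagged.append(key)
                break
    return flagged


def analyse(lines=SAMPLE_LOG):
    """Run both detections over the given log lines and return the findings."""
    events = [parse_line(line) for line in lines]
    return {"ioc_hits": match_iocs(events),
            "write_bursts": detect_write_bursts(events)}


if __name__ == "__main__":
    for name, result in analyse().items():
        print(name, result)
```

Run it as a plain script and it reports the two IOC hits (the placeholder hash on ws07 and the C2 domain on ws03) and the write burst from unknown.exe on ws01. The burst rule will also fire for backup agents, bulk copy tools and installers, so in production it needs an allow-list of known processes and per-environment tuning of the window and threshold; the IOC sets must be fed from your real threat-intelligence source rather than the placeholders used here.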