Sophisticated cyber attackers are constantly finding new ways to exploit your network. Whether delivered through drive-by downloads, phishing emails, self-propagation, or any technique in between, all it takes is one malware infection to cost your company millions of dollars.
And one thing is clear when it comes to cybersecurity—despite ever-increasing investments in new cyber defenses, the costs of attacks continue to rise. By 2021, global cybercrime will cost businesses $6 trillion annually, proving that security teams have not figured out how to mitigate the impact of malware.
Perhaps the biggest problem is that not all malware is created equal. There are multiple categories to address with your security strategy and the first step is understanding the differences between them.
“Malware, or ‘malicious software,’ is an umbrella term that describes any malicious program or code that is harmful to systems. Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning.”—Definition from Malwarebytes
The key phrase in this definition is “umbrella term.” Attackers have so many unique ways to compromise your system, which means you have to go beyond a high-level understanding of malware to defend against different classes of this software.
Three of the most common classes of malware are Trojans, worms, and viruses.
You know the story of the Trojan War—when the Greeks infiltrated Troy by hiding inside of a giant wooden horse. That’s exactly where Trojan malware got its name.
Trojans are a form of malware that appears legitimate on the surface, tricking users into downloading or executing the software onto their systems. Once an attacker has made it past perimeter cyber defenses, they are free to launch all kinds of threats. These threats can range from forced popups to more serious problems like deleting files, stealing data, and installing additional malware.
Whereas other forms of malware infect systems and spread, Trojans rely on social engineering to spark user interaction. And from there, the installed malware can act as a backdoor for attackers to facilitate more sophisticated data breaches.
Computer worms are pieces of malware that replicate copies of themselves to damage your systems. They are standalone software that remain active on an initial machine, but don’t require a host program to propagate.
To spread across your systems, computer worms exploit vulnerable network protocols and operating systems. But there are also computer worms that can spread through email, sending large volumes of outbound emails to an infected user’s contact list.
Regardless of how they spread, worms help attackers damage your network by consuming high volumes of bandwidth and overloading your web servers. The result can be anything from productivity-killing application performance issues to widespread DDoS incidents.
Perhaps the most common class of malware, network viruses replicate by copying themselves in various programs. Viruses come attached to executable files that exist on systems and remain inactive until a user downloads the file or runs the program. Viral code is executed alongside normal host code, leading to data damage, downtime, and denial of service.
While worms can propagate without a host program, common viruses require infected host files to spread via your network, disks, file sharing, and/or infected email attachments.
In many cases, basic virus scans can mitigate the damages of this class of malware. However, attackers have proven increasingly capable of bypassing traditional signature-based tools with zero-day viruses and evasion techniques.
Network security best practices will give you a strong baseline for malware protection. This means:
These are just a few high-level ways to address malware protection. But there’s something even more critical that acts as the foundation for any security strategy—network visibility.
Without total network traffic visibility, the security and monitoring tools you rely on for malware protection can miss anomalies that would otherwise help you mitigate a threat. Implementing the right combination of network visibility solutions—network taps, network packet brokers, and bypass switches—will ensure your security and monitoring tools can analyze every packet for threats.
Niagara Networks advanced next generation network packet brokers are able to host anti malware solutions via integrated DDoS, WAF and API protection from leading security vendors.
If you want to learn more about how Niagara Networks can boost malware protection with secure, open visibility, we can help. Contact us today to talk to a network visibility expert at Niagara.