So here we are again, a few months on, and just when so many were licking their wounds after the last infection, along comes another. Guess what: if you had your eyes shut, my sympathy is not going to be that forthcoming!
Malware has come a long way since its anarchistic pre-pubescent beginnings, and is now a fully-fledged teenager, displaying all the fire, passion and unpredictability you would expect from one. Once upon a time, you could be sure your malware was simple in its intention, written by an unorganised person or persons, with the typical agenda of notoriety or malicious damage. Bad, but quite easy to deal with.
Modern malware, however, is a whole new ball game. Written to order, with a menu of “features” available from stealing data to placing a sleeper inside the system, all with standard-issue mass-infection mechanisms, anti-malware-detection programming, the latest in self-defence techniques, and the underlying drive of a typically well-organised or at least very motivated source.
Yet despite this significant step change in the attack we are seeing, as a world of experts I am still not seeing a change in the controls, strategies or defence tactics of many organisations. This I find astounding. Anyone who is considered a responsible person in an organisation and can still sleep at night thinking that a firewall and a few layers of anti-virus are going to cut it as the total form of protection is seriously misinformed. Equally, those companies out there peddling the silver bullets of the security world, “[insert vendor name here] ultimate anti-malware solution (TM)”, are doing nothing but compounding a problem that will continue to evolve and get more sophisticated.
The simple fact is that ANY malware solution on the planet today, from any vendor, works on the same detection methods. They look for something they have seen before, or something that looks like something they have seen before, and block it. It's that simple. And for that reason alone, you cannot rely on that control as the only form of defence. Equally, the firewall and all that other perimeter-based paraphernalia you invested in: don't get me wrong, all well and good, but it's not going to stop this stuff. Why? Web 2.0, social networking, unified communications, chat, mail, you name it. Any medium of communication that can facilitate the transfer of a file, and that includes just good old browsing of the web, will bring malware to your door, invited in so to speak, through all that perimeter protection, and straight to the desktop.
The truth is, the only way to protect yourself against this stuff is to stop thinking it's “the good old days” and get with the times. The only way you're going to stand a chance of surviving one of these incidents is by thinking about the entire control landscape and how the controls interact with each other. A good model for this is Defence in Depth, as it provides a very good method of visualising the controls at each layer of your environment and allows you to map attacks through the controls to see whether they would be successful or not.
This simple visualisation strategy can bring value beyond your wildest dreams, giving you the opportunity to stop, think and adjust what you're doing, justify investment, demonstrate control and rationalise spend. All very important concepts for the times. There is a world of products, vendors, control choices and equipment with pretty flashing LEDs on it. The only way to figure out which ones will help you is to understand what you have, what you need and why.
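The "map attacks through the controls" exercise described above, as an added example that is not part of the original post: each layer's control is a predicate over an attack, and tracing an attack through the layers shows where (if anywhere) it is stopped. Layer names, control rules and the sample attacks are constructed assumptions, modelled only on what the post says about firewalls and signature anti-virus.

```python
# Added example (not from the original post): a small defence-in-depth
# control map that traces an attack through each layer and reports where,
# if anywhere, it is stopped. Layer names, control rules and the sample
# attacks are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Attack:
    name: str
    vector: str              # "inbound_scan" (unsolicited) or "web_download" (user-initiated)
    matches_signature: bool  # would signature/heuristic anti-virus recognise it?

@dataclass(frozen=True)
class Control:
    layer: str
    name: str
    stops: Callable[[Attack], bool]  # True when this control blocks the attack

# The two controls the post says most organisations lean on, modelled as the
# post describes them: the firewall blocks unsolicited inbound connections but
# passes user-initiated web traffic; anti-virus blocks only what it has seen
# (or something resembling what it has seen) before.
BASELINE_CONTROLS = [
    Control("perimeter", "firewall", lambda a: a.vector == "inbound_scan"),
    Control("desktop", "signature anti-virus", lambda a: a.matches_signature),
]

def map_attack(attack: Attack, controls: list[Control]) -> tuple[Optional[str], list[str]]:
    """Walk the attack through the layers in order; return the name of the
    control that stopped it (None if it reached the desktop) plus a per-layer
    trace, the raw material for the visualisation the post recommends."""
    trace = []
    for c in controls:
        blocked = c.stops(attack)
        trace.append(f"{c.layer}/{c.name}: {'BLOCKED' if blocked else 'passed'}")
        if blocked:
            return c.name, trace
    return None, trace

def unblocked(attacks: list[Attack], controls: list[Control]) -> list[str]:
    """Names of attacks that traverse every layer: the gaps to invest in."""
    return [a.name for a in attacks if map_attack(a, controls)[0] is None]

# Constructed sample attacks: yesterday's worm, and a made-to-order trojan
# downloaded over the web that no vendor has a signature for yet.
SAMPLE_ATTACKS = [
    Attack("old_worm", "inbound_scan", matches_signature=True),
    Attack("bespoke_trojan", "web_download", matches_signature=False),
]
```

Running `unblocked(SAMPLE_ATTACKS, BASELINE_CONTROLS)` names the bespoke trojan, which is the post's point: both baseline layers pass it, and the trace shows exactly which layer lacks a control.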