Malware Management in the Enterprise - Case Study Example

Malware Management] Malware Management in the Enterprise Malware is a specially designed software which is equipped with spyware that is unnecessary and can cause serious damage to computer systems and even to the data and information accumulated on a particular system. There are totally different malware instances. So as to agitate these instances properly, the user is required to make use of recent entry anti-malware merchandise that are designed from the quality approaches. This means that such instances are induced with the latest information referencing of the malware signatures. Every business or an enterprise ought to follow this classic approach with the “just-on-time” feature that entails malware information assessment and handling (IATAC, 2009). Background Malware problems are ever growing and continue to be a nuisance for computer users. Manufactures of malware programs have continued to increase over the years and by 2010, there were 14 million different malware programs recorded. An astonishing 60,000 sections of malicious code was being discovered every single day. A rather recent work known as the Koobface surfaced, its purpose was to target people on social networks and it’s created profited by making 2 million dollars in one year. A worm known as the Mariposa has been known to create the largest network of zombie machines on the entire planet. Experts, despite making their best efforts, could not calculate its exact size however they were able to pinpoint the number of computers that became infected by Mariposa which was over 12 million. What the worm did was drop spyware that stole susceptible information from the individuals who suffered, which includes bank account numbers and credit card credentials. This idea was completely planned by a solitary hacker in Spain who happened to make a blunder by chance that uncovered him and he was arrested (Milošević, 2010). Forms of Malware Web attacks are counted amongst the foremost subtle and dangerous ways cyber criminals use. For instance, if you are searching any sites which may seem good and harmless but at the backend they are uploaded with various harmful malware which secretly get downloaded in the browser’s PC. It can happen as such that cyber criminals square measure all their probabilities and then they frame a hijack process. Mostly the advertising banners on these sites are used for such reasons hence it is extremely important that enterprises must place security barriers between the company’s system and internet arrangement (Baloch, 2011). Other forms within which malware can be formed include: Botnets Instant electronic messaging Phishing tries Skype malware Gaming malware Redirects If an administrator fails to execute an immediate action once he/she has recognized the entry of malware, then it can be ascertained that a door has been opened for criminals to siphon personal information from the computer. In the fight against the malicious software system, it isnt enough to treat individual infected machines. Enterprise Strategy for fighting Malware Too often, organizations create the error of treating malware infections as a series of irregular occurrences. Anytime a bug is discovered, IT merely cleans up or rebuilds the affected host and the whole system moves on with routine operational tasks. Nonetheless this approach does not permit the enterprise to stay up with progressively aggressive and innovative attack techniques used by malware authors. It is this time when management needs to take corrective action to bypass malware defenses, evade detection, and resist efforts to get rid of it (Zeltser, 2011). In fact, combating malware whether it is a big or a small enterprise atmosphere requires locating suspicious programs on servers and workstations and then executing the strategy for removing them. However it can also be done in the manner to conjointly investigate the areas infected and detecting the departments which interfere with the utilization of malware on the network. To win the battle of security, enterprises should discover malware proliferation techniques and attempt to eradicate such infections before they intensify into blanket pandemics (mhprofessional, 2009). Ultimately, in a large enterprise setting, wherever thousands of computers square measure loosely connected to perform various tasks, malware incidents should be treated as components of a holistic security incident cycle. The cycle contains four major phases: Plan Resist Detect and Respond In order to fight with the malware the system needs to be in-line with the entry device inserted between native network and net rather than having it connected to the tap/span port. These trends have led to buy a bigger security want since informatics addresses and URLs are unable to remain updated due to the speedy unfold of recent malware. Thorough and deep network traffic examination is additionally an efficient method of ridding the network of malware. Employing a malware monitor software system can instantly detect and report malware, hence thereafter, the administrator will be able to manually clean the damage. This methodology is effective however nearly infeasible and quite cumbersome (Zeltser, 2011). The CIA Triad The CIA Triad is an honoured and acknowledged designation for security policy development that has been used for locating trouble portions and identifying obligatory resolution for information safety. The CIA in CIA Triad represents: Confidentiality, Integrity, and Availability. The CIA Triad is a new model of security which has been introduced and designed to assist individuals in thinking about the significant features of IT security or perhaps to provide someone a means to formulate money on another catch phrase (Kinamik, 2007). Confidentiality Confidentiality is all about the significance of safeguarding the enterprise the majority critical information and data from admittance that is unauthorized. Protecting someone’s confidential information pivots upon defining and implementing the right access levels of information. Doing this quite regularly involves separating information into several diverse collections which that are organized by whoever has access to the information or how sensitive the nature of the information actually is i.e., how much damage would one go through with if that confidentiality was infringed. The general methods of controlling confidentiality across stand-alone systems includes conventional Unix file entry, right to use organization lists and dimensions encryption as cryptography plays an important part in securing information (Kinamik, 2007). Integrity The letter ‘I’ in CIA represent Integrity which can be particularly mentioned as information integrity. The important aspect which is related to the constituent of the CIA Triad is the protection of information from alteration or removal by illegal gathering which ensures that when the people who are authorized to make a modification that must not be made; the damage can be undone quickly and accurately. Portions of data must not be improperly adjustable whatsoever, for instance user account controls for the reason that even a transitory alteration can direct to noteworthy service interruptions and privacy violation. Other information should be highlighted while being easily accessible for adjustment rather simply following severe controls. Again, all this procedure must be designed in a manner that it can be reverted as much as probable in need of alteration that may afterwards be of regret like deleting files by mistake. In these circumstances version control software and timely backups are the mainly security procedures that are commonly used to make certain of integrity (Sengupta, 2011). Availability The CIA Triad’s last word represents Availability of information. Systems, admittance conduit and various other verification procedures need to be operating precisely at the right flow so that all the required information that is provided and protected can be accessed whenever required. High accessibility systems include such computing resources whose architectures are particularly designed in the direction of improvising availability. Relying on the explicit HA system design, it may specifically mark power break, upgrading, and hardware malfunction to ascertain ease of use. It has the power to administer multiple network connections to route in the region of network outages, or it may also be intended to tackle with probable accessibility troubles like Denial of Service attacks. Numerous researches specific to availability development are present such as failover redundancy systems, HA clusters, and quick disaster recovery ability for instance in the case of image based boot systems. If any particular activity of a business requires maximum valuable uptime all the provided choices must be considered in profundity (Kinamik, 2007). Symantec Malware Protection The threat Landscape has modified and cybercrime is rampant. Corporations cannot rely exclusively on desktop antivirus technology to safeguard themselves. Following the steps within the tabs below can improve the protection of desktops running a Symantec termination protection and stop malware (Paper, 2011; Musthaler, 2011; Symantec Corporation, 2013). Use IPS (Network Threat Protection): The Intrusion interference System (IPS) in Symantec termination defense discontinues intimidation prior to they will penetrate a machine. IPS stops susceptibility abuse and it also supports Drive-by-Downloads and faux Jewish calendar month installation (Musthaler, 2011; Symantec Corporation, 2013). Improve default Symantec termination Protection settings: Get the foremost out of Symantec termination Protection product by up its default location. Solely a couple of setting alteration will create a giant enhancement to security (Musthaler, 2011; Symantec Corporation, 2013). Keep browser plug-in patched: Venerable attacks have affected to the browser. In addition, users should make sure that the attacker could not be able to make use of Microsoft web someone, or Adobe Reader, Acrobat or Flash susceptibility to launch an attack on a system. It is suggested that ensure software are regularly updated through updates provided by their vendors or package distribution tools to install patches for safeguarding against any attacks (Musthaler, 2011; Symantec Corporation, 2013). Block P2P usage: The uncomplicated technique for sharing out malware is concealed within files is made public on peer-to-peer (P2P) networks. It is essential that enterprise should enforce a no-P2P policy, together with the residence usage of a corporate system. Put into effect the policy at the entryway and/or desktop. Teach additional regarding exploitation Symantec termination Protection’s Application management to dam P2P at the desktop (Musthaler, 2011; Symantec Corporation, 2013). Turn off Auto Run: Stop Auto Run feature as different network based worms jump from USB ports and network drives to a secure system (Musthaler, 2011; Symantec Corporation, 2013). Conclusion A few antivirus programs can protect against malware however the first step in solving a problem is identifying it. Since a long time, antivirus programs were not as familiar with the virulent malware as they should have been and malware scanners were overlooked however these days that is changing rapidly. In the meantime, a few measures which one can take to fight malware on their own terms are that lock your system to protect privacy. Securing your web browser and locking it is the first step against malware. One can then try and only use those applications that he or she is familiar with or are known applications that have been trusted by thousands. This is simple advice that a huge number of people neglect to follow however the most crucial step in protecting yourself against malware of all sorts if to get rid of suspicious emails or texts. If it is from an unknown source, remove it instantly and if still in doubt, take protective measures by installing malware scanners and removal tools. There are numerous programs that are worth every single penny that help remove malware. References Baloch, R. (2011). An Introduction To Keyloggers, RATS And Malware. Retrieved April 16, 2013, from expect-us.net: http://expectus.net/files/An%20Introduction%20To%20Keylogger,%20RATS%20And%20Malware.pdf IATAC. (2009). Malware. Retrieved April 16, 2013, from http://iac.dtic.mil/: http://iac.dtic.mil/csiac/download/malware.pdf Kinamik. (2007). The CIA triad. Retrieved April 16, 2013, from Kinamik Data Integrity: http://www.kinamik.com/download/Kinamik-Whitepaper_CIA.pdf mhprofessional. (2009). Attacks and Malware. Retrieved April 16, 2013, from mhprofessional.com: http://www.mhprofessional.com/downloads/products/0072255099/0072255099_ch15.pdf micromail. (2011). Symantec™ Endpoint Protection. Retrieved April 16, 2013, from micromail.com: http://www.micromail.com/files/admin/uploads/W285_Field_2_58491.pdf Musthaler, L. (2011, March 21). Best practices for stopping malware and other threats. Retrieved April 12, 2013, from NetworkWorld.com: http://www.networkworld.com/newsletters/techexec/2011/031811bestpractices.html Milošević, N. (2010). History of malware. Retrieved April 16, 2013, from cryptome.org: http://cryptome.org/2013/02/malware-history.pdf Paper, W. (2011). Malware Security Report: Protecting Your Business, Customers, and the Bottom Line. Retrieved April 16, 2013, from verisign.com: http://www.verisign.com/verisigntransition101/files/MalwareSecurityReport.pdf Sengupta, P. (2011). The CIA Triad. Retrieved April 16, 2013, from electracard.com: http://www.electracard.com/upload/images/The%20CIA%20Triad.pdf Symantec Corporation. (2013). Security Best Practices. Retrieved April 12, 2013, from http://www.symantec.com/theme.jsp?themeid=stopping_malware Zeltser, L. (2011). Introduction to Malware Analysis. Retrieved April 16, 2013, from zeltser.com: http://zeltser.com/reverse-malware/intro-to-malware-analysis.pdf Read More