Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to defend against malnets

Thor Olavsrud | Oct. 8, 2012
Since 2011, security firm Blue Coat Systems has been tracking malnets: extensive distributed network infrastructures embedded in the Internet and designed to deliver mass-market attacks on a continuous basis. These malnet infrastructures are like the proverbial Lernaean Hydra--chop off one head, like a botnet it has produced, and two more spring up to take its place.

"The primary thing that we do is we track their infrastructure," Van Der Horst says. "Even though they may change the paint or some labels, there's still underlying core stuff we can track. We call it server DNA. A brand new website may show up today, we do a scan of it and inspect its DNA."

"Once you start tracking the ecosystem, this infrastructure, you care less and less about the specific payload it's trying to deliver," he adds. "It doesn't matter what the exploit is, you know it's coming from a bad place."

Van Der Horst suggests five steps organizations can take to better protect themselves against malware threats:

1. Use a security solution that can block malnet infrastructures and limit employee exposure to botnet-producing Trojans.

2. Ensure your security solution can block communications from infected end-user systems to command and control servers to prevent sensitive, confidential or proprietary information from reaching the cyber-criminals.

3. Ensure that web usage policies are up-to-date and keep network/firewall rules current.

4. Deploy a reporting solution that can help you identify potentially infected end-user systems so you can quarantine and clean them.

5. Set and enforce policies that require employees to update their browsers, OS, Adobe Flash, Adobe Reader, Java and other applications with the latest patches and security updates.


Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.