Malware authors are developing new malware variants at a breakneck pace. Not so long ago, malware defense meant recognizing a virus or a Trojan horse and eradicating it. But today’s advanced malware is designed to be resistant to detection and removal. Malware authors also have developed many new techniques for hiding malware or making it appear benign by tunneling its command-and-control traffic as part of standard HTTP or encrypted HTTPS traffic.
The goal of enterprise malware-prevention efforts should be to stop malware from ever getting to the desktop. To do that, analysis, detection, and prevention need to take place at the network layer. Starting at the perimeter, content filtering gateways, next-generation firewalls, and new network-based malware detection appliances provide the first layer of defense. They have the ability to analyze traffic, detect malicious files, and prevent malware from ever getting to its intended target.
The concern, of course, is whether these systems can keep up with the ever-increasing number of new malware specimens being released daily, and whether they can efficiently deal with increasing network throughput demands.
To supplement network-based malware detection products, many vendors are turning to cloud-based services to offload analysis and computing capabilities. Cloud-based computing services provide more computing power so more malware samples can be analyzed, and they serve as a collective analysis resource.
And while we would prefer to stop all malware at the network level so it never reaches the desktop, we know that’s an unrealistic goal. Desktop antivirus still has a place, and many desktop antivirus vendors are using the same cloud-based services for file comparison and reputation lookup as the network detection systems.
To find out more about how sophisticated malware may be hidden -- and the tools and practices required to detect and eradicate it -- download a free copy of the report on rooting out sophisticated malware.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.