Time to modernise thinking, technology in fighting malware


A recent analysis of network traffic in thousands of organisations found that the majority of them were hosting malware and bots, a clear signal that it is time for companies to move quickly to modern methods of detecting malicious software, experts say.

A new report on the analysis performed by security vendor Check Point Software Technologies has enough scary bullet points to keep most CSOs up at night.

Two of the most troubling were that 84 per cent of the organisations had systems infected with malware and nearly three-fourths of the study's subjects had at least one bot on their network.

Standalone numbers, particularly on infection rates, do not necessarily point to a serious problem, since not all malware is the same. Some are far more serious than others.

"Malware percentages, malware infection counts and all those kinds of things are somewhat nebulous in nature," Tyler Shields, analyst for Forrester Research, said. "It is sometimes hard to define exactly what an infection is and exactly what a piece of malware is."

What is troubling in the 2014 Security Report is the trends. Check Point found the percentage of organisations with someone downloading malware every two hours or less grew threefold to 58 per cent in 2013 from 14 per cent in 2012.

The study also found that the percentage of organisations with a bot increased to 73 per cent from 63 per cent year over year. Check Point also found 77 per cent of the bots were active for more than four weeks.

What these numbers show is that traditional signature-based security, such as anti-virus software, "is dead," as Brian Dye, Symantec's senior vice president for information security, told The Wall Street Journal this week.

"We don't think of anti-virus as a moneymaker in any way," Dye said.

That's a telling statement from a company whose business depended on selling AV software for more than two decades.

Unfortunately, too many companies still depend on AV technology, which contributes to the high numbers cited in studies like Check Point's. Those businesses have to shift tactics toward looking for events in hardware, software and network traffic that would point to an anomaly indicative of malware.

"My recommendation is to spend more money on legitimate detection, as opposed to relying on detection that has been antiquated and hasn't worked for the better part of a decade," Shields said.

Examples of more effective approaches would include egress filtering, which is the practice of monitoring and possibly restricting the flow of information moving from one network to another.

Other options include intrusion detection systems and detonation chamber technology that can be used to isolate potential malware for examination.
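The egress monitoring described above comes down to two checks on outbound traffic: which internal hosts talk to the outside without going through the approved path, and which connections recur at clockwork intervals, the check-in pattern of a long-lived bot. The following is an added illustration, not code from Check Point or from the article; the log format, the 10.0.0.0/8 internal range, the sample lines and the thresholds are all assumptions.

```python
"""Egress-log anomaly check (added example): flag internal hosts that reach
external addresses directly and flows that beacon at near-constant intervals."""
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample egress-firewall log: "<epoch> <src_ip> <dst_ip> <dst_port>".
# 10.0.0.5 checks in with an external host every 600 s; 10.0.0.7 only uses the
# internal proxy at 10.0.0.1 (assumed); 10.0.0.9 makes one direct external hit.
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.9 443
1600 10.0.0.5 203.0.113.9 443
2200 10.0.0.5 203.0.113.9 443
2800 10.0.0.5 203.0.113.9 443
1100 10.0.0.7 10.0.0.1 3128
1900 10.0.0.7 10.0.0.1 3128
3400 10.0.0.7 10.0.0.1 3128
1250 10.0.0.9 198.51.100.20 80
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space


def parse(log):
    """Group connection timestamps by (src, dst, port) flow."""
    flows = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(int(ts))
    return flows


def proxy_bypass(flows):
    """Internal hosts connecting straight to external addresses, i.e. traffic
    an egress filter should have blocked or forced through the proxy."""
    return sorted({src for (src, dst, _port) in flows
                   if ipaddress.ip_address(dst) not in INTERNAL})


def beacons(flows, min_hits=4, max_jitter=0.1):
    """Flows whose inter-connection gaps are nearly constant (relative standard
    deviation <= max_jitter), the signature of a scheduled bot check-in."""
    found = []
    for key, times in flows.items():
        if len(times) < min_hits:
            continue
        ordered = sorted(times)
        gaps = [b - a for a, b in zip(ordered, ordered[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            found.append(key)
    return found
```

Run over a real firewall or proxy export, the beacon check is what surfaces the bots the report says stay active for weeks, since a periodic flow to one external address stands out long after any signature for the sample has gone stale.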

Stricter policies that restrict the downloading of files from unidentified sites would also help, Kellman Meghu, head of security engineering for Check Point, said. Having a strict policy that all executable files have to be preapproved would go a long way toward reducing malware infections.

"It may seem like a burden, but the reality is the burden of trying to clean up potentially thousands of machines is far larger," Meghu said.

As last year's Target breach showed, technology alone is not enough to prevent the theft of tens of millions of customer records and credit card data.

A network-monitoring tool from vendor FireEye alerted the retailer's security personnel of malware on the network before the data was stolen. However, no one acted on the warning, so the $1.6 million Target spent on installing the tool did not matter.

"The technology is there to help, but you still need intelligence and human brainpower wrapped around it to make sense out of what the technology is trying to tell you," Chris Camejo, director of assessment services at NTT Com Security, said.
