Intelligent CISO Issue 02 | Page 50

FEATURE
Nicolai Solling, CTO at Help AG
Roland Daccache, Senior Regional Sales Engineer – META, Fidelis Cybersecurity
JM: Malware protection no longer relies solely on antivirus software, as cybercriminals are using advanced techniques and services to improve obfuscation and avoid detection. In order to mitigate risk, fast prevention, fast detection and fast reaction are critical; CISOs should work to improve at each phase. At a minimum, CISOs should ensure they consistently apply patches and software to avoid exploitation, educate employees (at all levels) about cyberthreats and social engineering pitfalls and deploy threat intelligence feeds. The latter helps detect ongoing infections, monitor stolen credentials and data leaks, and increases visibility of potential exfiltrations. This knowledge should then be used to create procedures and protocols that should be activated in the event of an attack.
RD: There are many steps I would recommend CISOs to take when it comes to having a sound malware prevention strategy:
• Deploy anti-malware solutions over all assets that support endpoint agents
• Deploy anti-malware on cloud assets and perimeter to cover the gaps of IoT devices and legacy systems
• Apply a strict patch management process that reduces the infection surface
• Apply proper network segregation to contain malware
• Limit admin privileges to the maximum extent possible to avoid malware privilege escalation
• Train employees on identifying phishing emails and links
Prevention doesn’t always work, so investing in detection and response solutions (deception, EDR, SIEM) is your best bet to have full enterprise-wide protection.
NS: I am often surprised by how many cybersecurity teams overlook the fundamental aspects of security. Even though email is known to be the primary infection vector for over 90% of malware, most organisations fail to properly protect their employees from receiving malicious emails in the first place. Or consider the privileges that users have; there is almost no justification for a typical user being granted admin privileges on their endpoint, but this is often the case and allows them to run executables that result in malware infections.
My advice to CISOs therefore is to stop looking for the silver bullet; this simply doesn’t exist in the world of cybersecurity. Instead, carefully analyse your security processes and policies to identify the simple ways in which you can harden your security posture. In the end, attackers too have limited resources and therefore tend to go after the lowest-hanging fruit. If you address the critical simple steps, you make your business more resilient to the large volume of malware and other cyberthreats.
How should organisations set about choosing the correct malware prevention tools?
JM: Fighting malware attacks requires several different steps, starting with prevention, followed by detection and then reaction.
The best solution is in fact to combine different security modules to mitigate risk at its different phases.
Ideally, a proof-of-concept phase is required first, so an organisation can evaluate whether a specific tool accomplishes its cybersecurity objectives. Indeed, the perfect tool for one organisation might not work for another, whose objectives and resources are different. Modular cyberthreat intelligence bespoke to an individual organisation can be deployed rapidly and effectively to bolster their security posture.
RD: There are careful considerations to take when selecting a malware prevention tool, such as next-generation and behavioural features outside signature-based detection, trusted third-party product reviews, detection rates, machine learning, reliance on cloud updates, system impact, etc.
I also invite organisations not to fall for ‘all-in-one super endpoint protection solutions’ and evaluate independent endpoint detection and response tools to further improve protection and recovery processes.
50 Issue 02 | www.intelligentciso.com