SC Magazine: Intrusion Deception - Making a Case for Middle Ground in Malware Mitigation
Apr 8, 2014
As the Target and Neiman Marcus data breach stories continue to evolve, so too does the story of how to combat malware. Today, the industry is spending billions of dollars a year using signatures to try to stop attacks or post-mortem forensic analyses to try to learn how to prevent future attacks. Problem is, neither of these methods is really cutting it.
In order to stop malware, you first need to understand how many attacks work. Not always, but certainly often enough, malware follows this path: it looks for vulnerabilities, infects a system, propagates to other network devices, finds wanted data, and, finally, executes and brings home that sensitive data. If malware can't complete this process, attackers won't be successful.
Right now, the industry's attention sits squarely in the wrong place. Instead of solely thinking about how to prevent the initial infection or spending countless dollars autopsying an exploit after the fact, there's an opportunity to rethink the problem—or process—and a solution that lies smack-dab in the middle. The key is focusing on ways to stop malware after the infection, but prior to a damaging data breach.