Defeating Malware: Isolate and Sanitize Rather than Detect
Detection has historically been the foundation of the fight against malware infections. In theory, if malware can be detected, then action can be taken to mitigate it. Yet, as history has also shown, this "detect, then act" sequence has weak points in its armor.
To be effective, malware detection and mitigation need to be comprehensive, accurate, intuitive (i.e., detection alerts must be straightforward to interpret), and as rapid and scalable in operation as the malware developers they face. User transparency and a low tax on physical IT assets (bandwidth, storage, and computation) and on staff (lifecycle administration and user helpdesk) are equally important, so that the cost of waging the war does not offset the gains.
Indicators that anti-malware defenses are inadequate are, however, plain to see. First, legacy anti-malware approaches that rely on signatures for detection are in a constant catch-up race against malware developers along multiple tracks: volume, development speed, and sophistication. Moreover, there will always be a time lag between when evidence of a malware infection is detected and when a signature is developed and deployed; malware will almost always claim a first victim. Second, recognizing that the signature-based approach has limitations, new approaches have entered the market, the most prominent of which is sandboxing. In sandboxing, suspicious programs are placed into a containerized environment where their behavior is analyzed; if they are determined to be malicious, mitigation decisions follow.