Malware that is out of sight and out of mind often creates the perception that no risk is present. Just because a risk isn't perceived doesn't mean it isn't there. Heads buried in the sand over the real malware threat lead to breaches that most organizations aren't prepared to handle. Having worked on a project involving an APT infection, I've seen first-hand how ugly this stuff can get.
Endpoint protection isn't enough. Analyzing executables isn't enough. Even standalone monitoring of network communications and/or reputation rating of malware sources isn't enough to thwart the real problem. As with the core information security principle of defense in depth, you've got to layer controls if you're going to get the most out of your malware protection.
One of the core information security principles I recommend to my clients is to use what you've got when it makes sense. By this I mean use the built-in security controls that your operating systems, databases, network infrastructure devices and so on already have. So many of us assume that we need to buy third-party products to keep our environment secure. In many cases this simply isn't true.
However, when it comes to fighting advanced malware, it'll behoove you to use the niche technologies that specialize in this area. The market is tiny (relatively speaking), but Damballa's Failsafe is worth checking out. I've seen Failsafe 5.0 in action and it seems to be a comprehensive solution to a widespread problem that I suspect is only going to get worse. As you've heard me say regarding Web application scanners, password cracking and the like, you've got to have good tools if you're going to find (and, in this case, control) what matters.
I’ve written a new paper where I talk more about the advanced malware problem and how Damballa Failsafe 5.0 fits into the overall information risk equation. Check it out.