Intelligent CIO North America Issue 13 | Page 84

FINAL WORD
Stopping malware of the future

'Almost all new entrants into the game are looking to build something and see what they can get past our defenses.'

The storyline behind advanced persistent threats goes far beyond ransomware. The other hot ticket is, and always has been, the exfiltration of data from corporate sources. I have always said that the best way to set your IT security budget is to ask yourself: 'What is the value of my data to an attacker?' A lot of us over-protect data that is of little use to an attacker, yet leave some essential data less guarded because it means less to us. Our customers' data and our intellectual property are two of the things we typically protect first.

When developing your philosophy on upgrading your network protection, we typically start at the network, then look at connections, then the endpoint itself and then its path to the cloud. Without giving away the whole story now, we typically start with the inspection of traffic coming into the network.

With 70% of sessions today being encrypted, we also take a hard look at inspecting that encrypted traffic. Next, we look at how to inspect for unknown malware that can't be found by a traditional next-generation firewall.

[…] for malware detection; since it's the most notable, attackers will frequently check to see when their strains are registered there, which takes around two to three days, before they must switch gears. With that information, they will build in new evasion tactics based on who found them first and work backwards as they build other versions.

Over time, these malware developers may transition from project to project, bringing their expertise and experience with them when developing a new strain of malware with a new team. When they struggle to build a module themselves or have issues troubleshooting a problem, there is an active and cheap marketplace, with customer service available, to help fill in the gaps.
Sandboxing engines have been around since 2011, and they have evolved to look for malware across multiple engines, including within the memory of the system, since this is where a lot of attacks (such as fileless attacks) try to initiate in order to hide how they got into the network and to remain undetected and undeterred by security software. Would you believe that customers use Capture ATP with Real-Time Deep Memory Inspection (RTDMI) to find between 1,400 and 1,600 new forms of malware every business day, many of them with numerous evasion tactics?
SonicWall has been in IT security for 30 years now, and we have seen it all. We have morphed from a firewall company into a security platform company. We famously stopped WannaCry in its tracks on our customers' networks three weeks before the first major attack was ever noted.

Today, thanks to cryptocurrencies, it is easier to get paid through ransomware and then to pay for help developing code. So, for the foreseeable future, you can expect to see more people getting into malware development, with many new variants on the horizon.

We have found and named several new strains throughout our research, and we continue to develop new and better technologies to help you discover and stop unknown, zero-day and updated attacks on your own network.
84 INTELLIGENTCIO NORTH AMERICA www.intelligentcio.com