Detecting Malware that Walks Into Your Network

Corporations take extensive measures to monitor, detect, and stop malicious code from entering the enterprise via the Internet. But what about detecting malware that walks through your enterprise’s front door and into your network—hidden in the devices that your employees, contractors, or delivery personnel are carrying?

A case in point: IBM recently disclosed that it had shipped an unspecified number of malicious USB flash drives to some of its customers. When inserted, the drives infected the victim’s PC with malware. IBM eventually discovered the infected devices and released a support advisory urging customers to destroy the USB flash drives to prevent their use and the spread of the infection.

Other considerations

The incident highlights how important it is for organizations to identify malware that enters their network through means other than the traditional Internet-based threat vectors (email, file downloads, and malicious websites). In addition to perimeter controls, organizations need to protect against malicious objects on laptops, phones, wearables, or USB devices that are physically carried in by employees and partners—or, in this case, by the shipping and receiving department.

Malicious USB drives are responsible for a significant number of data breaches. But other devices that walk into our enterprises each day can inflict even more damage. The number of smartphones infected with malware is increasing dramatically. Nokia reports that smartphone infections increased 83 percent during the second half of 2016 (as compared to 96 percent during the first half of the year), and according to Gartner, only 23% of employees are given corporate-issued smartphones. That means close to 80% of the smartphones at the average enterprise are employee-owned and employee-managed. Many of them are poorly secured and already infected.

Detecting suspicious activity

Endpoint antivirus solutions can identify some of this walk-in malware but are largely ineffective. To adequately protect themselves, organizations need a solution that detects malware by its structure and behavior as well as by its signature. Network monitoring for malicious traffic and connections is of particular importance: malware will almost always attempt to contact the criminal’s command and control servers, so detecting those connections and other suspicious network activity is both critical and effective.
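One simple form of that network-side check, as an added example that is not part of the original post: a beacon detector that groups outbound connection records by source/destination pair and flags pairs whose inter-connection intervals are nearly constant, the regular "check-in" rhythm typical of command and control traffic. The log format, the sample records and the thresholds below are constructed for illustration.

```python
"""Flag source/destination pairs whose outbound connections show beacon-like regularity."""
from collections import defaultdict

# Constructed sample of outbound connection records: "<unix_ts> <src_ip> <dst_ip>".
# 10.0.0.5 checks in with 203.0.113.7 roughly every 60 seconds (beacon-like);
# 10.0.0.9 talks to 198.51.100.2 at irregular, human-looking intervals.
SAMPLE_LOG = """\
1500000000 10.0.0.5 203.0.113.7
1500000060 10.0.0.5 203.0.113.7
1500000120 10.0.0.5 203.0.113.7
1500000181 10.0.0.5 203.0.113.7
1500000240 10.0.0.5 203.0.113.7
1500000013 10.0.0.9 198.51.100.2
1500000400 10.0.0.9 198.51.100.2
1500000433 10.0.0.9 198.51.100.2
1500001900 10.0.0.9 198.51.100.2
1500000050 10.0.0.9 192.0.2.10
"""


def parse_log(text):
    """Group connection timestamps by (src, dst) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(int(ts))
    return flows


def beacon_score(timestamps):
    """Return (mean_gap, coefficient_of_variation) of the gaps between
    consecutive connections, or None when there are too few to judge."""
    ts = sorted(timestamps)
    if len(ts) < 4:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = sum(gaps) / len(gaps)
    if avg == 0:
        return None
    stdev = (sum((g - avg) ** 2 for g in gaps) / len(gaps)) ** 0.5
    return avg, stdev / avg


def find_beacons(flows, max_cv=0.1):
    """Pairs whose gap variation is below max_cv (a constructed threshold)."""
    suspects = []
    for (src, dst), ts in flows.items():
        score = beacon_score(ts)
        if score is not None and score[1] <= max_cv:
            suspects.append((src, dst, score[0], round(score[1], 3)))
    return suspects


if __name__ == "__main__":
    for src, dst, avg, cv in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"beacon-like: {src} -> {dst} every ~{avg:.0f}s (cv={cv})")
```

In practice the records would come from firewall, proxy or DNS logs, and a flagged pair is a lead for investigation rather than proof of infection, since legitimate software also polls on fixed schedules.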

Network perimeter controls are essential. But organizations must also be able to detect malware that bypasses those controls and is already inside the organization.

Brian Laing

For more than 20 years, Brian Laing has shared his strategic business vision and technical leadership with a range of start-ups and established companies in various executive level roles. The author of “APT for Dummies,” he was previously vice president of AhnLab, where he directed the US operations of the internationally known security and software leader. Brian previously founded Hive Media where he served as CEO. He co-founded RedSeal Systems, where he conceived the overall design and features of the product and was granted two patents related to network security. He was also founder and CEO of self-funded Blade Software, who released the industry’s first commercial IPS/FW testing tool.