• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

securitywing

Menu
  • About
  • Must Read
      • IIS Performance Boost
      • RFID Security
      • Web App Security Testing
      • How to Secure Home Network
      • Prevent Cross-Site Scripting Attacks
      • Renew Self-Signed Certificates
      • Penetration Testing Tools
      • VPN Concentrator
      • Forensic Investigation Tools
      • Digital Certificates
      • Cloud Security Issues
      • Advanced Evasion Prevention
      • Firewall Types
      • Tips to Prevent Data Exfiltration
      • Classified Info Handling
      • MySQL Security
      • Definition of 7 Types of Malware
      • VOIP Security
      • Why Antivirus Software Fails
      • 15 Network Security Vulnerabilities
      • Web App Security
      • IT Security Standards
      • Types of Virtualization
      • Android Security
      • Digital Signature
      • Advanced Malware Protection
    • Close
  • Consultancy
  • Contact

How to Protect Network Against Advanced Malware

by wing

Advanced malwares are extremely stealthy and attack targeted protocols and applications. In most cases, the attackers use these malwares to steal sensitive information from the governmental institutes financial institutes, especially the credit card service providers .

Major Concerns about Advanced Malware:

They are discovered after the attack has been taken place. So, you do not have a clue what is going on with your sensitive data unless you detect the presence of advanced malware in your system. When you are planning against advanced malware your primary target should be detect it as soon as possible. By using Garter’s 5 styles of advanced defence framework, you can apply the following five defence mechanism in your network:

advanced malware protection

Traffic Analysis

Under normal circumstances, your network follows a specific traffic pattern which you can easily recognize when you analyse your traffic for a month or so. When you discover any unusual traffic signature, you can investigate the root cause of this pattern. For example, anomalous DNS traffic in a network is a good indicator of botnet activity. So, be familiar with the traffic pattern and flow of your network.

Tools: You can use any traffic capturing tool or even content capturing tool to analysis your network

Network Forensic

They capture full packets and store the traffic, which later can be analysed and generate report to find the existence of advance malware. Unlike any packet capture tools, network forensic tools can extract and retain metadata.

Payload Analysis

Payload can be considered as the cargo of data. In a packet, payload is the actual data that has real meaning to the end users. By analysing payload of normal traffic, you can create a profile of your network’s data. If anything does not match your normal payload can be investigated to detect malicious activity. Unfortunately, payload analysis cannot track the endpoint behaviour for a period of time after discovering a network compromise. To track post-compromise activity, you need to use endpoint forensic analysis.

Endpoint Behaviour Analysis

You can analyse your endpoints behaviour with more than one approach. One approach is the containment of the application. As you know that containment means restricting the something in order to curb its ability to do harm. The suspicious application is isolated from the other applications and kept in a virtual container. Thus it reduces the chances of spreading the malware in the network. Another approach used to analyse the endpoint behaviour is to monitor the system memory, configuration, processes and to use techniques to respond to any real-time threat events.

Endpoint Forensic Analysis

Normally, the incident response team uses endpoint forensic analysis as a tool to collect data from the computer for suspicious activities. This technique helps to specifically identify the compromised computer and to detect the behaviour of the malware program.

Depending on the size and sensitivity of your data you can implement any or all of the mentioned framework in your network. Unless you have significant number of IT security professionals in your organization, you may not be able to use all of the techniqes. For this reason you need to figure which framework or combination of framework works best for your network.

Always remember that there is no magic bullet to protect a network and no single defence mechanism and products has the ability to defend against all types of advanced malware attack. When you implement a malware defence framework, pay attention to educate your IT professionals and the end users about the common symptoms of a comprised network and systems. Besides, never underestimate the power of continuous monitoring. A person dedicated to monitoring may not find anything in months but when he will identify an early attack signature, you will save both reputation and money of your organization. So, do not always think about money when you need a dedicated network security monitoring team for your network.

 

Related Posts:

  • How to Protect Networks against Advanced Evasion Techniques(AET)
  • Top 12 Effective Ransomware Protection Tips
  • Tips for Network Security Breach Investigation
  • 20 Ways to Secure Home Network
  • Definition of 7 Types of Malware

Filed Under: Network Security Tips Tagged With: malware, network, protection

Primary Sidebar

CISSP Sample Test

Take a CISSP Sample Test

CISA IT governance Sample test



Twitter Follow @securitywing

Categories

  • AWS
  • containers
  • Internet Security and Safety
  • IS Audit
  • IT Security Exams
  • Network Security Tips
  • Off Track
  • Telecom
  • Tutorial

Pages

  • About
  • Best IT Security Certification Exam
  • CISA IT governance Sample test
  • CISA Sample Test
  • CISSP Sample Test Online
  • Consultancy
  • Contact

Popular Posts

  • How to Renew Self-Signed...
  • 3 Simple Steps to Capture...
  • 8 Effective Ways to Impro...
  • 7 Different Types of Fire...
  • Types of Virtualization T...
  • How to Configure AAA (TAC...
  • Active vs Passive FTP Mod...
  • 3 Steps to Install Miniku...
  • 9 Types of Digital Securi...
  • What is Digital Certifica...

Footer

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

audit AWS backup basics browser check cisco cloud computer configuration data database email firewall gmail hsrp ids iis informaiton internet it kubernetes linux load balancing malware microsoft network protection redundancy risk router security security tips server SSL switch test tools vpn vrrp web webserver website windows wordpress

Copyright © 2010-2021 ·All Rights Reserved · SecurityWing.com