Channel: Guides – PCM Blog

6 Steps to Enhance Detection of Malware Attacks


Innately slithery creatures, malware often goes undetected. However, in order to adequately defend against malware attacks, it’s imperative to be able to spot them. To enhance detection of malware, consider these six steps:

1. Inventory and monitor network devices.
If it’s connected to your network, your security team needs to know what it is. Utilize active monitoring and configuration management to maintain a current inventory of network devices. This will reduce attackers’ ability to find and exploit unauthorized or unprotected systems.

2. Maintain and monitor security audit logs.
To make security audit logs work for your team rather than inundating you with lengthy, redundant reports that are impossible to sort through, generate standardized logs for each hardware device. The logs should include installed software, install dates, time stamps, source addresses, destination addresses, and other packet information. The logs should be stored on a dedicated server. Run biweekly reports to quickly identify and document any anomalies.

3. Monitor and control accounts.
Review all system accounts regularly and disable any that are not actively in use by an approved user for an approved purpose. For instance, if a group account is inactive, disable it. This will limit attackers’ ability to impersonate legitimate users or ex-employees.

4. Assess security skills and train accordingly.
Not every member of your security team needs to be an expert on malware. However, it’s important to know where your resident experts are, and how much training the rest of your team needs to fill the gaps.

5. Implement an incident response plan.
If someone’s computer was infected with malware, what’s your protocol to remove it? Who will handle the ticket if it happens in the evening or over the weekend? Without a proper plan in place, incident response time is drastically slower, giving malware more time to spread. A good incident response plan has clearly defined roles and responsibilities for each member of the security team.

6. Test, test, test.
To improve detection, it’s important to conduct penetration testing. This will help your team discover where vulnerabilities are and where security visibility needs to be improved. For maximum effect, consider red team exercises to test vulnerabilities your team might not even think to test against.
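
As an illustration of steps 1 and 2 working together, the following added example (not from the original post) reconciles standardized log records against the device inventory and reports internal source addresses that the inventory does not know about. The JSON-lines format, field names, network range, addresses, and device names are all assumptions constructed for the example.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed inventory (step 1): address -> device name. All values are made up.
INVENTORY = {
    "10.0.0.10": "file-server-01",
    "10.0.0.21": "workstation-anna",
    "10.0.0.22": "workstation-raj",
}
# Constructed standardized log records (step 2), one JSON object per line.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:00:02Z", "src": "10.0.0.21", "dst": "10.0.0.10", "dport": 445}
{"ts": "2024-05-01T09:03:40Z", "src": "10.0.0.57", "dst": "10.0.0.10", "dport": 445}
{"ts": "2024-05-01T09:03:41Z", "src": "10.0.0.57", "dst": "10.0.0.22", "dport": 3389}
this line is truncated {"ts":
{"ts": "2024-05-01T09:10:00Z", "src": "10.0.0.22", "dst": "203.0.113.8", "dport": 443}
{"ts": "2024-05-01T09:12:13Z", "src": "not-an-ip", "dst": "10.0.0.10", "dport": 22}
"""

def unknown_sources(log_text, inventory, internal_net="10.0.0.0/24"):
    """Return (findings, rejected): internal source addresses missing from the
    inventory, and the line numbers of records that could not be parsed."""
    net = ipaddress.ip_network(internal_net)
    known = {ipaddress.ip_address(a) for a in inventory}
    findings = defaultdict(lambda: {"first_seen": None, "count": 0, "dsts": set()})
    rejected = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src"])
            ts, dst = rec["ts"], rec["dst"]
        except (ValueError, KeyError, TypeError):
            rejected.append(lineno)  # keep unparseable lines visible for review
            continue
        if src in net and src not in known:
            hit = findings[str(src)]
            # ISO 8601 UTC strings in one format sort chronologically
            hit["first_seen"] = min(filter(None, (hit["first_seen"], ts)))
            hit["count"] += 1
            hit["dsts"].add(dst)
    return dict(findings), rejected

if __name__ == "__main__":
    found, bad = unknown_sources(SAMPLE_LOG, INVENTORY)
    for addr, info in sorted(found.items()):
        print(addr, info["first_seen"], info["count"], sorted(info["dsts"]))
    print("unparsed lines:", bad)
```

Records that fail to parse are returned separately rather than dropped, since gaps in log coverage are themselves an anomaly worth documenting in the biweekly report.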

Assess Your Security
To receive an information security assessment and learn the best solutions to defend your users against malware, email PCM or call us at 800-700-1000.


The post 6 Steps to Enhance Detection of Malware Attacks appeared first on PCM News.

