Modern Malware Threats: What is the Best Security Strategy?
As security standards from governing bodies like the Federal Financial Institutions Examination Council grow, financial organizations are turning to multiple integrated layers of technology to protect their information and endpoints.
Modern security strategies have evolved past traditional approaches and anti-virus is now only one part of the layered solution.
Anti-virus still plays a crucial role in every company’s security infrastructure, and is one of the tools that help organizations meet regulatory compliance for safeguarding data. Anti-virus works by blocking viruses from infecting a computer and by scanning and removing any malicious programs it detects. But anti-virus alone cannot compete with the constant creation of new malware samples.
Over 20 million new malware samples were engineered in 2010 alone, so ‘blacklisting’ anti-virus solutions cannot keep up with the exponential rate of malware growth. Because anti-virus relies on a file signature to detect and deter a virus or other malware, it is effective only against malware that already has a signature. To combat this problem, one successful technology approach that is gaining increasing recognition is application whitelisting.
Application whitelisting utilizes the opposite approach to blacklisting. Rather than attempting to identify and stop the infinite number of malicious applications that are attacking your network, whitelisting focuses on the limited number of approved applications allowed to run in your network. For example, when a user is surfing the Web and accidentally stumbles on a malicious website that attempts to silently install a keystroke logger on an endpoint, this spyware will simply not execute because it is not on the whitelist.
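The difference between the two models comes down to the default decision for a file nobody has seen before. The Python sketch below is an added example, not part of the original article or any vendor's product: it models signature matching as an exact SHA-256 match (a simplification), and every file name and byte string in it is constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executable images (not real binaries).
SAMPLES = {
    "ledger-app-4.2.exe": b"constructed: approved accounting client v4.2",
    "ledger-app-3.9.exe": b"constructed: older, unapproved client v3.9",
    "old-worm.exe": b"constructed: malware that already has a signature",
    "new-keylogger.exe": b"constructed: keystroke logger with no signature yet",
    "solitaire.exe": b"constructed: harmless but unapproved game",
}

# Blacklist: digests of files already identified as malicious.
SIGNATURES = {sha256(SAMPLES["old-worm.exe"])}

# Whitelist: digests of the exact builds IT has approved to run.
APPROVED = {sha256(SAMPLES["ledger-app-4.2.exe"]): "ledger-app 4.2"}

def blacklist_allows(image: bytes) -> bool:
    """Default allow: run unless the digest matches a known-bad signature."""
    return sha256(image) not in SIGNATURES

def whitelist_allows(image: bytes) -> bool:
    """Default deny: run only if the digest is on the approved list."""
    return sha256(image) in APPROVED

def compare() -> dict:
    """Map each sample name to (blacklist decision, whitelist decision)."""
    return {name: (blacklist_allows(img), whitelist_allows(img))
            for name, img in SAMPLES.items()}

if __name__ == "__main__":
    for name, (bl, wl) in compare().items():
        print(f"{name:20} blacklist={'run' if bl else 'block':5} "
              f"whitelist={'run' if wl else 'block'}")
```

The keystroke logger without a signature runs under the blacklist and is blocked under the whitelist, and the same default-deny rule blocks the game and the unapproved older version of the accounting client.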
With a good application whitelisting solution, IT can ensure license compliance by limiting the version and type of applications allowed to be installed and run. Additionally, since only approved applications are allowed to execute, unwanted programs such as messaging and games can simply be blocked, ensuring no drain on productivity. An effective application whitelisting approach is extremely beneficial, but a third and final layer is needed to complete the security solution: instant system restore.
Instant System Restore
An instant system restore solution enables an instant recovery to a known pristine state without sacrificing user data or personalized configuration settings. This also creates the ability to recover from non-security events, like user error and software misconfiguration, and to re-provision or re-task computers immediately. The ability to quickly recover after any breach of security is indispensable.
Benefits of a Layered Security Approach
Implementing a layered security approach for endpoints is essential to keeping business-critical systems safe from modern malware threats. Benefits abound but some specifics, along with keeping machines up and running at all times, include:
Keeping Data Safe. Financial organizations can rest assured their reputation stays intact, customers are satisfied and legal costs are minimized.
Ensuring Regulatory and License Compliance. By understanding who is executing which applications, IT can gain strong visibility into licensing situations.
Reducing IT Costs. IT support tickets cost time and money. Additional layers of protection reduce IT support tickets and help decrease degradation of systems, keeping
A layered security approach is the most effective way to keep an organization secure and should be of interest to all management parties for its direct impact on the bottom line. The implementation of multiple security layers can offer numerous ways not only to reduce the cost of security expenses, but also to satisfy increasing industry regulations.
Kelly Batke is communications manager for Faronics Corp. of San Ramon, Calif.