Last week we talked about how one weak link can open the door to a Cyber Incident. We discussed the weak link of old, unused user IDs remaining in your network. Today we will discuss the potential weak link in Malware Protection.
Most of us are familiar with the idea of Malware Protection. At its most basic, malware protection is seeking to protect your devices (e.g., servers, workstations, laptops) from malicious code. It should also notify you and/or start remediation if something does get through and is found after the fact. What you may not be aware of is that there is more to Malware Protection than installing a simple Anti-virus solution and walking away. Not all solutions are the same, and all require maintenance.
Even with the most basic form of malware that most people are familiar with on their workstations or laptops, it is important to pay attention to its status, even after it is installed. Software that is disabled or down-level can’t protect you if it isn’t working properly.
Because basic anti-virus has limitations on its adaptability, more sophisticated solutions have been created. These solutions have artificial intelligence that continually adapts to identify malware or suspicious behavior. Some of these more sophisticated solutions are even bundled with 24x7x365 Security Operation Centers (SOCs).
With bad actors constantly evolving new ways to breach device security, the current best practice is to deploy a layered malware protection strategy. With a layered malware protection strategy, you have more than one detection/protection method deployed, especially on critical devices and systems. The idea behind this approach is that no solution can be 100% foolproof, but if you have multiple solutions, what one misses the other will pick up. For example, a laptop or server can have a basic antivirus solution (e.g., Microsoft Endpoint Protection) along with an AI/SOC-based solution (e.g., CSI’s CSEDR), and for increased protection, a solution that tracks endpoint changes (e.g., CSI’s Huntress).
Remember that even deployed layers of protection are only as good as the upkeep. Like locks in a home or a home security system, these protections are only good if they are deployed on every device and kept in good working condition. You can have the best home alarm system, but if you don’t turn it on, or if it breaks, it won’t do much for you. In the same way, it is important to make sure that whatever malware protection solution you are using is installed, kept up-to-date, and is operating as it should on every device in your network.
Next week’s bulletin will discuss “Cyber Attack - Are you as protected as you think you are? (Part Two-Patching)”
This week’s suggestion:
- Talk to your Tech Director about what malware protection you currently deploy and if you are using a layered approach.
- Ask if your solution is deployed on every device in the network.
- Ask what process is used to make sure your solution is functioning correctly and stays up to date
- Continue (or start) the process of coming into line with the NIST Cybersecurity Framework guidelines
If you would like more information on Malware Protection Solutions or navigating the NIST CSF journey, please contact Lisa MacDougall at firstname.lastname@example.org or call 845.897.9480.