unfettered access to these technologies can expose your organization to a new generation of Web-based
threats and malware. Application Control allows you to identify and control applications on your
network, regardless of port, protocol or IP address. Tools such as behavioral analysis, end-user
association and application classification can identify and block potentially malicious applications and
malware.
Cloud-based Sandboxing: As cloud-based resources have evolved, the ability to “farm out” analysis and
detection has become a good tool to detect potential threats. A cloud-based sandbox can execute
unknown files and URLs in a controlled system that analyzes the behavior of those files and URLs to
detect suspicious or anomalous activity.
Endpoint Control/Antivirus: The old guard of client-based antivirus and antimalware solutions continues
to provide a solid layer of defense against threats. While most client applications are unable to protect
against zero-day attacks, they can block hackers who have used identical or similar attacks in the past.
Data Leak Prevention (DLP): By properly identifying sensitive data and implementing a DLP solution, an
organization can prevent sensitive information from leaving a network. Data being used at the endpoint,
data moving inside a network and data being stored can all be protected from theft or improper use by
implementing a DLP solution.
Intrusion Prevention (IPS)/Intrusion Detection (IDS): By using a product that provides IPS and IDS, an
organization can add another layer of traffic monitoring to watch for suspicious activity. A good IPS/IDS
system will also alert IT staff to potential threats in progress.
Proactive Patching: A computer is only as secure as the software on it. It is essential for companies to
deploy patches to their systems as quickly as possible. Attackers and cyber criminals waste no time
integrating proof-of-concept code into their malware and exploit kits – in some cases exploits have been
added to an exploit kit within hours or days of a patch being available. By delaying deployment of critical
patches, an organization risks becoming vulnerable to attack. For business intelligence or in-house
applications that require almost constant uptime, it’s critical to keep test machines available on which
patches can be deployed and mission-critical applications tested without impacting the main network.
Restricting Administrative Rights: Some companies provide employees with local administrative rights in
order to install drivers or software on an as-needed basis. This can be a double-edged sword. While it can
reduce support calls and empower employees, it can also make it easier for attackers to install
malware and remote access tools (also known as RATs) on a victim’s computer. By limiting access to
administrative rights whenever possible, an organization may be able to mitigate many attacks.
Network Access Control (NAC): NAC is a solution that can prevent computers on a network from
accessing resources unless certain rules or policies are met. For example, if a computer hasn’t been
patched recently, NAC can place that computer on a segregated subnet that blocks access to resources
until the machine has been properly patched.
100 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide