Security measures against malware are best tested by simulating attacks in realistic but contrived scenarios. Malware is an increasingly problematic security threat, yet safety measures against its record-breaking growth are too often underused.
Not scared enough yet to undertake these measures?
Let’s review the numbers: More than 74,000 malware strains were born every day last year. That meant 27 million new strains were added to a running total of 125 million classified malware samples, according to a Panda Labs annual report. A record-breaking collection of mobile samples was reported by McAfee Labs and just halfway through 2013, the company found more malware samples than it did in all of 2012.
So, as enterprise tech expert Brian Proffitt puts it: “When malware infects our computers, we often wish we could consign that infernal software and its creators to some digital hell.”
While digital hell isn’t yet a commercially available option, here are three tips on simulating dangerous scenarios to protect your network:
Tip #1 – Balance performance with security. Laggy security measures aren’t worth the trouble if they impede organizational performance. The key is balance. “Controls cannot be so restrictive that they get in the way of systems being efficient and workers doing their jobs,” writes Information Week. “Testing with the right tools can help companies identify and strengthen weak points which, in turn, should help them avoid implementing overly restrictive policies for staff.”
Tip #2 – While testing systems, don’t Bogart, PASS. Malware readiness can be assessed using a method known as PASS, an acronym for the four areas it examines: Performance, Availability, Security, and Scalability. Applied consistently, it can expose unseen issues such as outdated software or a misconfigured firewall. While running the tests, check each of the four areas:
- Performance: While under attack, how do key variables fare? Assess factors such as response time, which devices stop working, and how users are affected.
- Availability: Which services or systems failed during the malware attack, hindering their availability?
- Security: Checking the security system itself confirms that it’s up to date and performance-ready. Potential pitfalls, such as outdated software, go unnoticed without confirming this.
- Scalability: Address the scale of the issue before, during, and after an attack: how many users are affected? How does this impact your quality of service?
Tip #3 – Perform scaled, simulated attacks using perimeter and malware detection testing. Using network test equipment, simulate malware traffic to examine the capabilities of security devices, firewalls, proxies, and gateways. Once the malware infiltrates the network, intrusion detection systems can identify the source of the problem – sometimes by tracing the FTP connection back to the malware’s host, according to Spirent.
Amazingly, despite the importance of systematically testing what security measures can actually do, test runs like these are largely underused. “Unfortunately, in most enterprises, testing security measures is at best neglected and at worst completely overlooked,” writes Information Week. “Given this large volume of new threats, companies can put themselves at risk with just one misconfiguration on a firewall port.”