Friday, September 25, 2009

Scareware And Bots Require Layered Defenses

Defense in depth is not a new idea in security, but the importance of taking a layered approach is more important than ever. The current rise in infections by bots and scareware, along with recent reports on anti-malware endpoint protection, demonstrate how we need to be doing more at every layer.

Maybe you're one of the lucky ones, but nearly every IT person I know has seen a considerable increase in malware infections. The majority of the infections are bots and scareware that have come through a Web-based infection vector -- sometimes exploits against the browser, and sometimes taking advantage of users through social engineering. So what's going on?

I think the first problem is an increase in the number of bad guys out there looking to make money using malware. Unfortunately, there's not much we can do about that, so we have to focus on both proactive measures to prevent the infections and reactive measures to deal with the infections as they occur.

Why both? If we put in preventive measures, then why do we need reactive ones? It's simple. Security controls fail. Something will get through. As I've said before, when it comes to security, failure is inevitable so you must plan for it.

The recent testing by NSS Labs of anti-malware products for consumers and enterprises is pretty disheartening -- especially if you're one of those folks still clutching your antivirus under the covers and whispering to yourself that it's all going to be OK. It's not. Take off the blinders because the report clearly shows the products we are paying to protect our users are not completely effective.

Dark Reading

No comments:

Post a Comment