Securing your IT systems and data using antimalware threat protection is a perfect example of how an ounce of prevention is worth a pound of cure. Protecting your data, often a company’s most valuable asset, is a cat-and-mouse game: it is not enough to put protection systems in place; you also have to monitor and adjust them for newly emerging threats. For many of our clients, the best practices outlined below are mandated by industry regulations, client audits, or data-loss insurance requirements.
Because hackers are constantly changing tactics and seeking out new vulnerabilities, no single security technology can be 100% effective. The best practices below take a multilayered approach of protection, monitoring and updating, and can be broken down into the following categories:
- Multifactor Authentication
- Centrally Monitored Antimalware
- Off-Site Data Backup and Business Continuity Planning
- Password Management
- Network Firewalls and Remote VPN
- Operating System and Application Patching
- Security Vulnerability Scanning
- User Education
See our previous blog for a discussion of Multifactor Authentication, also known as MFA. In this blog we will cover the second topic, centrally monitored antimalware.
There are two important factors to consider when selecting an antimalware technology: the mechanism used to identify threats, and how events are monitored and responded to. There is a wide range of antimalware solutions available. Traditional antimalware technologies rely on pattern files to recognize previously discovered malware, but hacking strategies are emerging too quickly for this type of approach to remain effective. The new generation of antimalware technology, such as VMware’s Carbon Black, monitors every program’s interactions on your system. It can identify potential malware by looking for suspicious patterns of behavior or by checking the application’s reputation against a database of known programs. If an application is suspected to be malware, it is immediately blocked from running and the event is logged. If upon further inspection the application is determined to be safe, it can be added to an “allow list,” ensuring it will run unimpeded in the future.
Along with selecting effective antimalware technology, it’s equally important to monitor suspected threats found on a system so that appropriate follow-up can be performed. Antimalware monitoring can also alert you to systems where the antimalware technology has been uninstalled or isn’t reporting in to a centralized management console. End users are typically focused on the tasks at hand, and reaching out to support can be seen as a waste of time. Thus, we’ve found that relying on end users to notify you when their antimalware software isn’t working or a threat has been detected can be a recipe for disaster. A centrally monitored antimalware system provides the proactive approach needed to keep systems safe.
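To make the monitoring point concrete, here is an added example (not code from the original post or from any vendor console) of the kind of check a central monitoring process runs: it compares an asset inventory against the agents the console has heard from, flags hosts whose agent is missing or has gone quiet, and collects blocked executions that still need human follow-up. The host names, timestamps and block reasons are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from any real console).
# ASSET_INVENTORY is what the organisation believes exists;
# CONSOLE_CHECKINS is what the antimalware console last saw from each agent.
ASSET_INVENTORY = ["fin-laptop-01", "hr-desktop-07", "eng-ws-12", "sales-laptop-03"]

CONSOLE_CHECKINS = {
    "fin-laptop-01":   {"last_checkin": "2024-05-06T08:55:00Z",
                        "blocked": [("invoice.pdf.exe", "reputation:unknown")]},
    "hr-desktop-07":   {"last_checkin": "2024-04-29T17:10:00Z", "blocked": []},
    "sales-laptop-03": {"last_checkin": "2024-05-06T08:58:00Z",
                        "blocked": [("macro_helper.exe", "behavior:suspicious")]},
    # eng-ws-12 is in inventory but has never checked in: agent missing or uninstalled.
}


def parse_ts(s: str) -> datetime:
    """Parse the console's ISO-8601 UTC timestamps into aware datetimes."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage(inventory, checkins, now, max_silence=timedelta(days=3)):
    """Classify endpoints for follow-up.

    missing_agent : in inventory, never reported to the console
    stale_agent   : reported once, but silent longer than max_silence
    blocked_events: executions the agent blocked, awaiting review (allow-list or remediate)
    """
    missing = sorted(h for h in inventory if h not in checkins)
    stale = sorted(h for h, rec in checkins.items()
                   if now - parse_ts(rec["last_checkin"]) > max_silence)
    events = [(h, proc, reason)
              for h, rec in checkins.items() for proc, reason in rec["blocked"]]
    return {"missing_agent": missing, "stale_agent": stale, "blocked_events": events}


def report(now=parse_ts("2024-05-06T09:00:00Z")):
    """Run the triage over the constructed sample at a fixed 'now' so results are repeatable."""
    return triage(ASSET_INVENTORY, CONSOLE_CHECKINS, now)


if __name__ == "__main__":
    for category, items in report().items():
        print(f"{category}: {items}")
```

In practice the same comparison would be scheduled against the console's export and the ticketing system, so a silent or missing agent raises an alert without waiting for the user to notice.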
Look for our next blog on “Off-Site Data Backup and Business Continuity Planning” coming soon.