Security Connected

October #SecChat Wrap Up – The State of Advanced Malware

Nov 11, 2013

On October 31st, McAfee’s community of security professionals and Former VP of Research at Gartner, Richard Stiennon, took to Twitter for an hour-long #SecChat on The State of Advanced Malware. We had an insightful conversation that included more than 200 tweets from 31 professionals. Highlights from our October #SecChat are below.

Defining Advanced Malware
The first question posed to our participants was “How do advanced malware attacks differ from previous forms of malware?” A variety of responses were offered, largely agreeing that the “target” of an advanced malware attack is what separates it from earlier forms of malware.


@Anton_Chuvakin also stressed the importance of defining the term, “advanced,” which led many participants to offer up opinions. Malware that is targeted, custom, and mass-produced can be described as “advanced,” or as @jc_vazquez noted, advanced malware can be considered anything that makes it through existing defenses.


Effects of Advanced Malware
When asked to define the effects of advanced malware, #SecChat participants had mixed responses. Many agreed that the most effective advanced malware attacks would fly under the radar—and with attacks so stealthy, it’s difficult to say what the effects truly are. @Smasiello said this best: “Most obvious is data theft, but the best attacks don’t leave any visible damage.”

So what can be done to stop these stealthy attacks?

Sandboxing as a Partial Solution
We asked participants whether detection methods such as sandboxing were enough to tackle the problem of advanced malware. This yielded what was perhaps the liveliest discussion of the hour. Sandboxing is a partial solution, and certainly aids in the discovery of advanced malware, but as @grap3_ap3 points out – we need more.


@Stiennon also noted that the creators of advanced malware are fully aware of sandboxing technologies – and they do everything they can to avoid detonating when “sand” is present. Adding to that point, @Ksingletary tweeted that “Adv. Malware lies in wait, and self-constructs over time – never detected as a whole code on the network.” Advanced threats are playing the slow game.

Fighting Against Advanced Threats
If sandboxing can’t protect against advanced malware – what will? We asked participants to tell us about the key components to a successful advanced malware protection strategy. Not surprisingly, there were many recommendations, ranging from basic blocking and tackling (vulnerability scans, timely patching programs, and basic malware detection) to tracking data movement (is the data encrypted before it’s moved “off-net?”). Richard Stiennon offered up a short list of tangible solutions:

[Screenshot of Richard Stiennon’s tweet; the list itself is not reproduced in the text]

@Smasiello noted that in addition to protection, a good response plan and policy is also needed. Unfortunately, companies aren’t providing adequate security training and tools to enable their teams to defend against advanced attacks.

Obstacles to Preparedness
When we asked our #SecChat participants, “What is the biggest challenge that your organization faces with regard to advanced malware?” the feedback was unanimous: Better hiring and training for security and AV admins.

McAfee offers webinars, classes, and the strongest advanced anti-malware technology on the market to keep security professionals and their companies protected. It’s our intent to educate the security community on the dangers of advanced threats, and it’s with chats like this that we hope to open the dialogue.

Next month, our #SecChat will be held on the topic of “The Hidden Side of Shadow IT.” Please mark your calendars for December 5th at 11AM PT and look for additional information coming your way from @McAfeeBusiness.
