When people hear the word malware they generally associate it with viruses. However, malware is actually a generic term that can mean many different things. To make the situation murkier, because many people equate malware with viruses, they often mistakenly believe that the way to protect against infection is to simply deploy an anti-virus solution.
While there is no denying that a good anti-virus solution will help a lot, especially if it can perform heuristic-based analysis of executables, there are other steps that you can take to further reduce the risk of malware infections.
A network scanner can actually help you to be proactive and stop malware before it has the chance to enter your network and subsequently wreak havoc. Let me share a few tips about how a network scanner, a tool that many don’t necessarily think of when setting up their malware defenses, assists you in ensuring that your network remains a malware-free environment.
1) Patch Management:
One of the popular ways malware infects a business network is by exploiting vulnerabilities. These chinks in your armor can range from browser security issues to email client weaknesses.
Even if you block access to disreputable sites, it won’t keep you safe from malware infection. There have been cases where hackers have accessed popular, reputable sites and used them as vehicles to launch drive-by download attacks.
Keeping your software fully patched helps protect against drive-by download attacks, in which malware automatically downloads and installs without the user’s knowledge by exploiting known vulnerabilities in your applications. Plugging these holes can go a long way towards maintaining a secure network.
2) Change Management:
Securing your network is just the first step towards ensuring a safe business environment. As an administrator, you also need to be aware of any changes that occur in your network as these can have an impact on the risk of malware infection.
Users might install unauthorized software, new profiles or accounts could be created, or you may even see new network file shares appear. These all increase the surface area that attackers can use to compromise your network, allowing them to more easily install various forms of malware. A network scanner running periodic network audits can maintain and monitor a safe baseline and notify you when any such changes are detected.
3) Vulnerability scanning:
Somewhat similar to patch management, vulnerability scanning is a process in which different aspects of software patches are evaluated and network administrators are then notified if any are found to pose a security risk. These scans can provide information on a wide variety of issues, including incorrect software configurations, devices that are running insecure default passwords or even server software that has known vulnerabilities but no available patches.
4) Ensuring security software effectiveness:
Having your network protected by a good anti-virus solution installed at your end-points is good. However, it will not offer optimum protection if that anti-virus software is not updated or, even worse, is left disabled. Your network scanner can automate the check that anti-virus software is updated and enabled, saving you considerable time and ensuring no network security risks are inadvertently missed.
5) Monitor for signs of intrusion:
Even if you take the best possible precautions, you can never be completely sure that your system is immune to malware infections. In the event that you do suffer a successful malware attack, mitigating the damage depends on catching the infection as early as possible.
An executed malware program will often take steps to cover its tracks and become invisible by attacking anti-virus software, and possibly even by hijacking system-calls. Therefore, the more eyes there are looking for system changes, the more likely you are to detect a tell-tale change in your network setup that gives away the presence of the malware. You can then begin an investigation to discover the malware and remove it.
Nothing provides you with more eyes than a network scanner. It will monitor your system for a large range of changes, enabling you to detect the creation of new users or new groups, changes in system policies, the disabling of anti-virus software, the installation of new software or even changes in the privileges of existing users. If these are found, the network administrator is notified and the malicious software can be removed.
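The baseline comparison described under Change Management and in the monitoring tip above can be sketched as a diff between two audit snapshots. This is an added example, not code from the original post or from any GFI product; the snapshot layout, the seven-day definitions threshold and all host, account and product names are assumptions constructed for illustration.

```python
# Added example: the snapshot layout and every host, account and product
# name below are constructed for illustration.
BASELINE = {"ws-014": {
    "users": {"alice": ["Users"], "svc_backup": ["Backup Operators"]},
    "groups": ["Administrators", "Backup Operators", "Users"],
    "software": ["AV Agent 9.2", "Office Suite 16.0"],
    "shares": ["ADMIN$"],
    "av": {"enabled": True, "definitions_age_days": 1},
}}
CURRENT = {"ws-014": {
    "users": {"alice": ["Users", "Administrators"],
              "svc_backup": ["Backup Operators"], "helpdesk2": ["Users"]},
    "groups": ["Administrators", "Backup Operators", "Users"],
    "software": ["AV Agent 9.2", "Office Suite 16.0", "RemoteTool 3.1"],
    "shares": ["ADMIN$", "public_tmp"],
    "av": {"enabled": False, "definitions_age_days": 12},
}}

def diff_host(host, old, new, max_def_age_days=7):
    """Return (host, change_type, detail) tuples for one host."""
    found = []
    for kind in ("groups", "software", "shares"):
        for item in sorted(set(new[kind]) - set(old[kind])):
            found.append((host, "new_" + kind, item))
    for user, groups in sorted(new["users"].items()):
        if user not in old["users"]:
            found.append((host, "new_user", user))
            continue
        gained = sorted(set(groups) - set(old["users"][user]))
        if gained:  # existing account that picked up extra group memberships
            found.append((host, "privilege_change", user + " +" + ",".join(gained)))
    if old["av"]["enabled"] and not new["av"]["enabled"]:
        found.append((host, "av_disabled", "was enabled in baseline"))
    if new["av"]["definitions_age_days"] > max_def_age_days:
        found.append((host, "av_stale", str(new["av"]["definitions_age_days"]) + " days"))
    return found

def audit(baseline, current):
    """Diff every scanned host against the baseline; unknown hosts are findings too."""
    found = []
    for host in sorted(current):
        if host not in baseline:
            found.append((host, "new_host", "not in baseline"))
        else:
            found.extend(diff_host(host, baseline[host], current[host]))
    return found

if __name__ == "__main__":
    for host, change, detail in audit(BASELINE, CURRENT):
        print(f"{host}: {change}: {detail}")
```

Each finding is a lead for investigation rather than proof of infection, so approved changes should be folded back into the baseline after review.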
As we can clearly see, while a network scanner is generally not the kind of software tool we would think of when considering malware prevention, it can nonetheless offer you a unique toolkit for the prevention and detection of malware infections. If you want your system to be safe, shouldn’t you equip yourself with every possible advantage?
This guest post was written by Emmanuel Carabott on behalf of GFI Software.