Fighting Advanced Malware

Posted by Mark Greisiger

A Q&A with Ramon Peypoch of McAfee, Inc.
One of the most insidious enemies of data security is advanced malware. But what are these advanced persistent threats, and how can companies protect themselves from them? I asked Ramon Peypoch, VP of Web Protection at McAfee to share his expertise.

Can you please define ‘advanced malware’ and describe the harm it can bring to an organization?
There’s a confluence of different situations that can fall under the term advanced malware, but basically these are stealth attacks that tend to get past existing security solutions. The threats might come from state-sponsored entities such as the Chinese or Russian governments trying to penetrate United States government networks or steal IP from commercial enterprises. What we know is that advanced malware is responsible for a great deal of loss in terms of IP and financial assets. In terms of the actual techniques involved, advanced malware typically combines sophisticated hacking, social engineering and spear phishing that allow an intruder to go undetected in your network for a long period of time. One example might be something that looks like an email from a friend telling you to click on a link to view vacation photos—you click on the link and nothing seems to happen but important code is downloaded to the machine that would “wake up” the next time you enter in PII. The bottom line is that these are very real threats being perpetrated by very sophisticated people. This is not some 13-year-old antisocial kid trying to make a name for himself.

How common is this threat for organizations?
Research shows us that the true cost of cyber crime is staggering—multiple billions of dollars of losses on an annual basis. If you are a business with any type of sensitive financial information or intellectual property, you are a target. And unfortunately hackers don’t just go after the largest organizations. They actually get the most bang for their buck with small and medium enterprises, because these are often more susceptible than the big guys.

How does advanced malware get through the system? Are organizations failing to implement controls that could stop it?
Basically, advanced malware can defeat signature-based defenses—the conventional security solutions that most people are using today. These are great at stopping already-identified threats but they won’t catch anything new. Since traditional solutions are not effective, the gap is widening, allowing the threats to grow exponentially.

What can a company do to mitigate this exposure proactively?
The easy answer from my perspective is to look into McAfee’s solutions. We are taking a different approach to solving this problem. We use the traditional signature-based solution and complement it with a specific advanced malware solution that uses cloud-based lookups and analysis including a hash of malware sent to different parts of the McAfee protection network. Once it’s identified, it’s stopped right there at all the endpoints and we can do a lookup to make sure nothing has been compromised—if it has, we initiate a remediation process. Unlike a lot of our competitors’ solutions, it’s not just a malware sandbox, it’s actually multiple products working to combat the problem in an integrated way.

In summary…
Ramon underscores the problem that many of our clients are seeing and combating on a daily basis. The bad guys are very smart and often one step ahead of both human and electronic security measures, giving them unauthorized access to information-based assets. Even clients with sophisticated IT operations and large security budgets can fall victim simply because there are so many variables and third-party dependencies to control. (A few examples include a large server farm with an unknown system missing a patch, mishaps with vendors, or staff that get duped.) Organizations need to keep this in mind when selecting solutions for combating malware.