Network visibility to fight malware


Malware is a growing and malicious trend for the new year 2019. News about cryptocurrency mining malware comes up frequently. The criminal code is found on servers by chance, while the owners have not noticed anything out of the ordinary. The malware eats up resources and profits the criminals behind the backs of the legitimate owners. More malware sites appear each day, and the sites disguise themselves better each day. To avoid the threat of malware, user vigilance is important. However, not clicking on shady sites is not enough to avoid all threats. Not all malware needs user interaction, which makes it extremely difficult to detect and avoid.

 


Detection within your budget

Threat feeds provide the key for detecting malware. They contain IP addresses of known malware servers. Whenever there is IP traffic to one of those addresses, it is likely that a malware infection has already happened. To detect that traffic, one needs to be able to monitor the network. This can be done by combing through log files, but that takes time and manual work. Practical time and money constraints mean that security engineers detect infections late, if at all.
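The log-combing step described above, as an added example (not PreScope or Arctic Node code): it matches destination addresses in connection records against a threat feed. The feed format (one IP or CIDR per line), the log format (`timestamp src dst port`) and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample feed: one IP or CIDR per line, '#' starts a comment.
FEED = """\
# known malware servers (constructed, documentation ranges)
203.0.113.7
198.51.100.0/28
2001:db8:bad::/48
not-an-ip
"""

# Constructed connection log: timestamp src_ip dst_ip dst_port
LOG = """\
2019-01-14T09:12:01Z 10.0.0.15 192.0.2.10 443
2019-01-14T09:12:03Z 10.0.0.22 203.0.113.7 3333
2019-01-14T09:12:04Z 10.0.0.22 198.51.100.9 8080
2019-01-14T09:12:05Z 10.0.0.31 198.51.100.200 80
2019-01-14T09:12:06Z fd00::5 2001:db8:bad:1::10 443
truncated line
"""

def load_feed(text):
    """Parse feed lines into networks; return (networks, rejected_entries)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # report bad entries, do not drop silently
    return nets, rejected

def find_hits(log_text, nets):
    """Return (timestamp, internal_host, feed_address, port, feed_entry) per match."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed record: skip instead of crashing the scan
        ts, src, dst, port = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        # An IPv4 address is never "in" an IPv6 network (and vice versa).
        match = next((n for n in nets if dst_ip in n), None)
        if match is not None:
            hits.append((ts, src, dst, int(port), str(match)))
    return hits
```

Each hit names the internal host that contacted a feed address, which is the machine to investigate first.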

To catch the infection in real time, the operators must be able to see instant alerts of infections. Threat detection solutions are available, but they often come with a steep cost of both implementation and operation. Many SOC or SIEM operators are keen to add real-time visibility but are held back by the high costs. The current solutions are mainly feasible only for very large organizations that are able to invest heavily in IT infrastructure.

Malware is a risk to all organizations, regardless of their IT budgets. Our team at Rugged Tooling believes that malware detection should be equally available to all of them. To help organizations fight back against malware, we have built our PreScope sensors to be as cost-efficient as possible, without limiting the functionality.

 


Use case: Adding visibility to the Arctic Node

Rugged Tooling and Arctic Security partner to provide an out-of-the-box cyber security solution for enterprise use. The Arctic Node threat intelligence product provides its users with always up-to-date cyber threat information. PreScope sensors from Rugged Tooling integrate with the Node to add visibility into the traffic and alert back on detected threats.

To know more, download our joint whitepaper.