How to live with malware infections

Get used to it: Malware can't be completely blocked or eliminated. But you can manage your PCs, mobile devices, and networks to function despite being infected.

Malware survival tip No. 4: Be sensible about using consumer devices in the workplace
If you believe in allowing lots of data access for everyone and from every conceivable type of device, it might be time to rethink your data management and access strategy. Limit network access via mobile devices to those users who really need this access, and put in place controls so that those who can get in to the network can only reach certain parts of it.

Personal portable devices such as tablets, laptops, and Wi-Fi-equipped smartphones are becoming ever more popular in the workplace, and users will want to be connected to the corporate network.

But using diligence when granting access -- considering that these devices might be sources of malware -- makes sense. "What we've noticed is that once devices reach a certain threshold of consumer acceptance, malware appears for those platforms," says SUNY Old Westbury's Seybold. "Witness [recent] iPhone and Android attacks."

According to the Ponemon study, the rise of mobile and remote workers, PC vulnerabilities, and the introduction of third-party applications onto the network are the greatest areas of endpoint security risk today. This is a shift from last year's survey, when endpoint security concerns were mainly focused on removable media and data center risks.

Even setting aside the question of how to manage the "bring your own device" and "use your own apps" trends, IT could reduce the ability of malware to spread by rethinking how many apps it deploys for users. "In looking at our line staff, there is no reason they need all the tools loaded on all the systems," says Redwood Credit Union's Hildesheim.

A report released in April 2011 by PandaLabs, Panda Security's antimalware laboratory, showed that the first three months of the year saw "particularly intense virus activity," including a major attack against Android smartphones and intensive use of Facebook to distribute malware.

The beginning of March saw the largest ever attack on Android to date, the PandaLabs report stated. The assault was launched from malicious applications on Android Market, the official Google app store for the mobile OS. In just four days, these Trojan applications racked up more than 50,000 downloads: "The Trojan in this case was highly sophisticated, not only stealing personal information from cellphones, but also downloading and installing other apps without the user's knowledge."

Malware survival tip No. 5: Build a solid security foundation to protect the organization, rather than to protect devices
Sure, you need antimalware software on PCs and other devices to help prevent infections. But to create an environment where your company can continue to function without malware-related problems even with the existence of malware on some systems, you have to deploy a secure system architecture rather than a security architecture for a system, says USC's Neuman.

"You need to determine issues such as placement of data with an understanding of the application and the risks of compromise of the data, rather than just bolting security solutions onto an existing system," Neuman says. "Good architecture will define multiple protection domains, with successive layers of protection deployed, and fewer users legitimately able to access data as it becomes more and more sensitive."

Along these lines, processor manufacturer Intel has embarked on an ambitious multiyear effort to redesign its information security architecture, which the company hopes will allow it to better keep up with the rapid evolution of malware.

"We believe that compromise is inevitable, and in order to manage the risk, we need to improve survivability and increase our flexibility," says Malcolm Harkins, vice president of the IT group and chief information security officer at Intel.

The redesign is based on four pillars:

  • A "dynamic trust calculation" that adjusts users' privileges as their level of risk changes
  • A segmentation of the IT environment into multiple "trust zones"
  • A rebalancing of prevention, detection, and response controls
  • A clear recognition that users and data must be treated as security perimeters and be protected as such

Living with infection is a fact of life
Malware is pervasive and is getting increasingly sophisticated. For many organizations, living with viruses, worms, and other types of malware is becoming a fact of life. In a sense, computer technology is catching up to the reality that biological systems have long had to manage.

As Intel's Harkins says, "I always assume that there is some level of compromise, [and] organizations who think they are malware-free -- or ever will be -- are not adequately understanding the true nature of information risk."

That doesn't mean your systems and applications can't continue to function well and support the business. By taking the right steps, your organization can operate a generally healthy IT environment despite malware intrusions.

This story, "How to live with malware infections," was originally published at InfoWorld.com.