You may never have heard of Dr. John Snow. But the methods he used more than 150 years ago to solve the mystery of a cholera outbreak in London can be applied today to help you get to the heart of a malware outbreak in your enterprise.
Briefly, in 1854 there was a cholera outbreak near Broad Street in London’s Soho. Snow, an English physician, plotted each case on a map of the area and noticed that the cases of cholera clustered around the Broad Street water pump. He requested that authorities remove the pump handle and the epidemic, which had claimed nearly 500 lives, soon ended. Not only did Snow’s findings save countless lives, but by identifying the source he is credited with establishing how this deadly disease was transmitted and how it could be prevented.
[In fact Snow was born 200 years ago last week – and London’s tech journalists have cause to celebrate his name. We often avoid cholera by drinking at the John Snow pub located close to the site of the infected water pump, and near to TechWeek’s editorial office – Editor]
When it comes to malware, despite best efforts and multiple layers of security, infections prevail. To truly eliminate malware and the risk of re-infection you have to get to the root cause. The challenge is that most products focus solely on detection and give little recourse after an infection occurs.
The most common way organisations discover an infection is with a call to a help desk. They might also learn of an infection when a detection tool is updated and discovers malware previously missed. In this case the detection alert is actually an infection alert; the malware has already permeated the network and has likely infected a number of devices.
However you identify malware, once you do so, it’s critical to first quarantine the device to minimise the risk to other devices on the network and then clean the infected device. But that’s not enough to eliminate the malware. That would be the same as if Snow had simply focused on individuals exhibiting symptoms and treated them – he would never have found the root cause of the outbreak and stopped the spread of the disease altogether.
In addition to the ‘who,’ understanding ‘how’ the malware permeated the network is also critical to reducing the risk of re-infection. Identifying the use of non-sanctioned software plays an important role in stopping common vehicles for malware. By using blacklists and whitelists to control applications and identify rogue software you can greatly reduce your attack surface. Keeping current with the latest versions of the browsers and productivity tools essential to your business’ operations can reduce the number of infections dramatically. In addition, because security has become an exercise in risk management, every IT department should conduct its own risk assessment when evaluating software packages. Certain packages introduce higher risk and may not make sense to deploy in your environment.
The most advanced malware protection provides the ability to retrospectively alert and quarantine files previously classified as safe but subsequently identified as malware. Because today’s advanced malware can disguise itself as safe, pass through defences unnoticed and later exhibit malicious behaviour, this is an important capability to minimise damage after an attack and remediate.
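As an added illustration of the retrospective alerting described above (this is example code, not Sourcefire’s product or anything from the original article), the snippet below keeps a record of which hosts have seen which file, re-issues alerts when a verdict on an already-seen hash later flips to malicious, and then does Snow’s map trick: it counts which download origin the newly infected hosts have in common. All hostnames, hashes and origins are constructed placeholders.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    host: str     # device that saw the file
    sha256: str   # file hash as observed (constructed placeholder, not a real IoC)
    origin: str   # where the file came from: URL, share, removable media


# Constructed telemetry for the example; not real indicators.
SIGHTINGS = [
    Sighting("ws-01", "aaaa1111", "http://updates.example/tool.exe"),
    Sighting("ws-02", "bbbb2222", "\\\\fileshare\\apps\\viewer.msi"),
    Sighting("ws-03", "aaaa1111", "http://updates.example/tool.exe"),
    Sighting("ws-03", "cccc3333", "usb:removable"),
    Sighting("ws-04", "bbbb2222", "\\\\fileshare\\apps\\viewer.msi"),
]


class RetrospectiveIndex:
    """Remembers every file sighting so a later verdict can be applied backwards."""

    def __init__(self, sightings):
        self.by_hash = defaultdict(set)   # sha256 -> hosts that saw it
        self.verdicts = {}                # sha256 -> "clean" / "malicious"
        for s in sightings:
            self.by_hash[s.sha256].add(s.host)

    def update_verdict(self, sha256, verdict):
        """Record a new verdict; return hosts to alert/quarantine when a hash
        previously treated as safe is now known to be malicious (once only)."""
        previous = self.verdicts.get(sha256, "unknown")
        self.verdicts[sha256] = verdict
        if verdict == "malicious" and previous != "malicious":
            return sorted(self.by_hash.get(sha256, ()))
        return []


def likely_source(index, sightings, infected_hosts):
    """Rank file origins by how many infected hosts share them: the shared
    origin at the top is the 'pump handle' to remove, not just the symptom."""
    counts = Counter(
        s.origin for s in sightings
        if s.host in infected_hosts and index.verdicts.get(s.sha256) == "malicious"
    )
    return counts.most_common()
```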
Today’s malware is more damaging and more difficult to defeat than any threats we’ve experienced in the past. By extending the security envelope beyond blocking and detection to inference, contextualisation, and retrospection, we can build truly intelligent controls that give us the power to really deal with the malware problem.
Dominic Storey is technical director EMEA of Sourcefire.