It takes less than half a second for a user to unknowingly infect your network. In this blog post we cover the five stages of a malware attack, and how to analyze your environment for complete protection.
The new and creative ways malware is disguised
Malware only needs one entry point, like a hijacked website or an email that contains a malicious download link. According to Sophos, malware attacks come from:
- Invisible 0x0 pixel iFrame: Also called a drive-by download, the user automatically downloads malicious web code when visiting a web page.
- Darkleech: A rogue Apache web server module that allows attackers to inject malicious iFrames into websites.
- Stolen login credentials: You already know how easily passwords are guessed or obtained!
- Elaborate Traffic Distribution Systems (TDS): Once the download reaches the browser, the TDS creates multiple redirects that are impossible to blacklist. Sutra is a popular TDS, available for $100, that offers more than one million clicks per hour on a low-end server.
- Fake updates: Designed on the coattails of large security patch releases or software updates (think Heartbleed bug removal or Java update), these ‘updates’ spread through large swaths of users through effective SEO.
- Video player: A shortlink on Facebook takes users to a video player that, when clicked, prompts the user to download an update to Chrome video player. The file is detected as TROJ.KILIM.EFLD.
These are just a small handful of creative ways that hackers will try to infect your network. Once one file gets in, often automatic emails are sent to the users’ contact lists, spreading the malware through a trusted host.
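For the first vector in the list above, site owners can check the pages they serve for iframes that are present but never visible. The following is an added example, not code from Sophos or Softchoice: a heuristic scanner for zero-size or style-hidden iframes, with function names and sample markup constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns that hide an element (heuristic, not exhaustive).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)|"
    r"(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)
ZERO_DIM = re.compile(r"\s*0+\s*(?:px|%)?\s*", re.IGNORECASE)

class HiddenIframeFinder(HTMLParser):
    """Collects (src, reasons) for each iframe that is rendered invisibly."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = []
        # width="0" / height="0": the "0x0 pixel" frame from the list above
        if any(ZERO_DIM.fullmatch(a.get(k) or "x") for k in ("width", "height")):
            reasons.append("zero-size attribute")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden by inline style")
        if reasons:
            self.findings.append((a.get("src") or "", reasons))

def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page; hosts are reserved example domains.
SAMPLE = """
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="http://tds.example.net/in.php" width="0" height="0"></iframe>
<iframe src="http://redir.example.org/go" style="position:absolute;left:-9999px"></iframe>
"""

if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE):
        print(src, "->", ", ".join(reasons))
```

Hidden iframes also have legitimate uses, so a finding is a prompt to review the frame's source, not proof of compromise; frames injected by script at load time will not appear in static HTML.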
The 5 stages of a malware attack
What really happens behind the scenes when one of your users executes malware on their OS? In the chart below, Sophos describes the five stages of a malware attack, along with some useful data on how prevalent (and easy to find) malware really is:
How to gain complete control of your endpoints
Blocking malware is only one part of a total endpoint protection solution. So how do you determine your own requirements and identify a vendor that will meet your unique security needs? As you evaluate your endpoint security posture (and the products available) you should ask the following questions:
- What is involved in deploying the solution and configuring it for optimal or “best practice” protection?
- What steps are required to add exceptions to policies (e.g., allowing a specific USB drive to be accessed or a specific website to be visited)?
- What impact (performance and usability) will the product have on end users?
- What level and hours of support are included standard with the product?
- How has the product evolved recently to protect against new, advanced threats?
- Does the product provide web protection and filtering, even when users are off the corporate network?
- What bundles or suites are available that can extend the endpoint product to more completely protect users and data?
- What are the vendor’s plans for integrating products and technologies to deliver better, more comprehensive and simpler-to-manage security?
How Sophos Endpoint Protection stands out from the crowd
Endpoint protection is about more than just malware, and several features must be in place to make up a holistic security solution. The chart below, from Sophos’ Endpoint Buyers Guide, compares the features you’re looking for against the other major security players.
As you can see, only Sophos and Intel Security offer the most complete protection for your environment. Here are the areas where Sophos may offer a little extra value for your investment:
- Category-based web filtering enforced on and off the corporate network
- Point-and-click blocking of applications by category or name
- Managed access to removable media and mobile devices
- Data Control: data loss prevention (DLP) using prebuilt or custom rules
- Optional mobile device management and security
- Your choice of cloud-based or on-premise management
Also, the tool is very simple; see the dashboard for yourself with these screenshots. Available on or off-premise, the choice is flexible for security managers looking for a solution with all possible features.
Sophos Cloud offers web-based access to a unified console with policies that follow users across devices and platforms. Our on-premise solution gives you granular control, with role-based administration and an SQL-based reporting interface. Both deliver outstanding performance and protection licensed per user, not per device.
Get a free trial from Sophos and Softchoice
With dedicated Sophos expertise, Softchoice has the strength of partnership and depth of knowledge to help you get the endpoint protection solution that will protect your users from the most creative malware attacks. Get a free trial here!
To learn more, reach out to your Softchoice Account Manager, or Chris Walsh.