Contact Us

|

Careers

|

Change Locale
close

Stranger Threats: How to defeat the spooky world of advanced malware

Security | Posted on November 29, 2017 by Chris Martin

Season two of Netflix’s blockbuster sci-fi show Stranger Things wasn’t written by IT security pros — but there’s enough overlap to make you wonder.

From scary creatures breaching into our world because of a few stupid humans to using an all-knowing “spy” to watch the bad guys and predict future attacks… if you squint enough, you can see the show as a metaphor for the advanced security. It might even give you some inspiration for what you can do to stay safe!

On Halloween, two Softchoice experts discussed modern malware with two IT security professionals on a video call hosted by Spiceworks. While the live audience had a chance to take home a spiffy Stranger Things T-shirt for taking part, we’ve got the next best thing for you here. Below we’ve recapped the big lessons and advice to help you better prepare for the world of advanced malware protection.

The weakest link: People first security

Much of the second season of Stranger Things revolves around a stupid mistake made by one of the young boys.  He takes home what he thinks is a cute slimeball as a pet. Unfortunately, that slimeball had an appetite for destruction. Soon enough, it became a deranged, rabid dog from hell.

Sound familiar? It should. All IT security pros know that their number one vulnerability is their people. From plugging in internet-connected devices to their office PC to clicking on a phishing scam email, people are bound to slip up.

As one of the panelists pointed out, getting the budget for proper training and education is not always possible. So, what can you do?

Solutions like Cisco’s Advanced Malware Protection (Cisco AMP) can shoulder some of the burden for IT admins. Another panelist explained that with it, you can leverage tools such as advanced sandboxing and global threat intelligence to stop known and unknown threats from making their way in. He also spoke about his love for the automated notifications. They proactively tell him where to patch, and give him simple, one-click powers to fix issues.

In lieu of these tools, IT admins can also take a “just say no” approach to fend off threats from the get-go. Want to plug a toaster into the Wi-Fi network? “Nope.” Want to open up a Word Document from an outsider sender? “No way.” While too many restrictions can hamper productivity, it’s always best to limit the risk of people errors if you don’t have the budget, or resources, to prevent them with education and training.

The spy: Continuous monitoring, analysis and cloud intelligence

Another major plot point in the new season revealed that spies can be both an advantage and disadvantage. To avoid any spoilers, let’s keep it at that!

Being able to keep tabs on the enemy and track their whereabouts is another crucial component of advanced malware protection. With Cisco AMP, for example, an unknown file might seem OK as it comes into the business. It will receive a hash which will enable you to track how it acts and proliferates as it enters your network. That intelligence and continuous monitoring can be used if the unknown agent turns out to be malicious. This can shut down attacks before they become too severe — and help close any holes in your security that let them in.

You also have to be careful of advanced malware spying on you! Sandboxing is a traditional tactic to fence off suspicious activity before it comes into your network. But advanced threats are getting smarter and they can act normally if they “think” they are in a sandbox. That’s why you need advanced sandboxing capabilities. They fake the environment to seem real, so the malicious intruder reveals itself.

Let’s also look to another source of omniscient knowledge that can give the edge on your enemy: the cloud. Cisco offers an extensive global threat intelligence service through its Talos group. With it, Cisco customers benefit from thousands of other customers, and hundreds of extremely savvy, creative and hard-working security pros. Everything works together to spot emerging threats and stop them dead in their tracks.

It takes a village: Multi-layered security and network segmentation

Stranger Things had many narrative threads and heroes with their own missions. In the end, they all came together to defeat evil, like all great adventure stories.

Modern security pros need to take this message to heart. Almost everyone on the security panel advocated for multiple layers of security to cope with advanced threats. While traditional anti-virus software and firewalls have their place, they are no longer enough. Instead, the speakers suggested numerous facets to a successful security posture, such as:

  • Endpoint protection: As mobile devices and the Internet of Things expand, so does your surface of attack. Today’s IT needs a robust, continuous and intelligent endpoint (EP) solution to maintain control, insight, and security.
  • Network security: An intelligent network, which operates as its own level of security, is also needed. Before a targeted attack even makes its way to your EP’s, security pros can leverage smart networks, and DNS based solutions such as Cisco Umbrella, to stop it.
  • Network segmentation: Dynamic, segmented network access is also crucial as you manage multiple devices and users. There is no reason a printer should have the same network access as an end-user for example. Dynamic VLAN and specific access profiles can and should be leveraged to keep every workload in its place — and only give it the bare minimum access required.
  • Additional firewalls: Another IT leader on the call spoke up about the benefit of employing multiple firewalls. He said having an additional content firewall, behind his traditional one, had been one of the most effective strategies he implemented in the last year.

Getting ready for the stranger threats

The world of malware and hacking is changing. It’s a big business, powered by devious, creative criminals. The only hope for IT leaders to fend off these monsters from beyond is to act like the heroes do in Stranger Things. You must do what you can to minimize human errors; arm yourself with connected, global intelligence; and add on additional layers to create a robust security posture.

We have seen Cisco AMP revolutionize how our clients manage their security problems. If you want to learn more, please get in touch.

And remember, don’t bring any unauthorized creatures into the office. They might look cute — but they could turn out to be hell dogs bent on your destruction!

Related Articles

Collaboration | September 9, 2019 by Greg Treanor

Want your business to stay competitive? Change the way you do business.

Security | September 3, 2019 by Susana Byun

Editor’s note (September 2019): We updated this post with additional resources/links about multicloud networking.  One of the most hyped use cases of software-defined networking (SDN) is micro-segmentation — and for a good reason. With solutions such as VMware NSX, micro-segmentation promises several high-value business outcomes. These include modern security, seamless operations and optimized user experience. Learn […]

Security | July 22, 2019 by Tosan Martey

Softchoice leads the way on integrated and industry-leading threat intelligence, offering a wide array of advisory, implementation, managed, technical and optimization services. “Softchoice has emerged as a clear leader by proving that they have the specialized skills necessary to be the trusted security partner for Canadian businesses.” – Michael Tryon, Managing Director, Cybersecurity, Cisco Canada. […]