Many organizations are growing increasingly frustrated and concerned with the endless parade of malware, viruses and security hacks. While it is tempting to think that a better anti-virus package is waiting just around the corner, recent reports from Slate and Symantec suggest that traditional AV protection may be growing less helpful by the month.
Traditional AV relies on matching a file to a library of known malicious files. By the time an antivirus company detects a new piece of actively exploited malware, writes the detection pattern, and pushes that update out to agents, the malware has already done a lot of damage. The buzz now is around the behavioral detection that companies like Palo Alto Networks and Mandiant are doing.
For now, much of this cutting-edge technology is out of the league of most small-to-mid-sized nonprofit organizations.
However, there are still ways in which organizations can both prevent and contain infections from new viruses.
Prevention
Use multiple layers of security scanning:
- Application restriction policies
- Managed Antivirus on all devices (if it’s not managed, it might as well not be there)
- Perimeter Edge security for email (which can also be used to block spam)
- Next generation firewall that includes Intrusion Protection and Virus Scanning (some of the firewalls we manage detect risk events every hour)
- Regular, automated security patching of all devices and software
Finally, the importance of educating staff cannot be overstated. Nearly all viruses require some form of user action to infect a network.
Containment
If the risk of a zero-day infection cannot be eliminated completely:
- Reliable backups are critical
- LAN Segmentation (The old LAN model of an internal trusted network is broken. Consider putting servers on a separate VLAN.)
- Review wireless and VPN VLAN access
- Develop a virus disaster recovery plan
While complete protection against malware may never be possible, following these prevention and containment tips can ensure that damage is minimized. With a small investment, your organization can help reduce the potential for costly virus infections.