Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Malware Security Testing Strategies for Enterprises

September 9, 2013

Thanks to Ankur Chadda for this guest post. Ankur is a product marketing manager at Spirent Communications, where he covers the security and applications market segment.

For most companies, proper testing of security measures is often overlooked or completely ignored. The risk is great, with tens of thousands of malware strains introduced every day. Nearly every IT environment utilizes security systems to help detect and stop malware. These might include firewalls that can be configured with various rules, unified threat management (UTM) systems offering content filtering, gateway antivirus, and intrusion prevention systems (IPS).

While various systems are used to spot and stop malware, such as firewalls, gateway antivirus tools, intrusion prevention systems and deep packet inspection, these solutions are themselves not frequently tested. Stopping the highest percentage of malware requires testing these solutions under high-scale, realistic traffic conditions.

Challenges

  • Bring Your Own Device (BYOD) policies introduce more complexity due to the risk of out-of-date security on personal devices. Companies need to balance workers' demands with controlling company data.
  • Sophistication of the attacks – malware criminals are utilizing mobile-based malware to commit fraud or gain personal data.
  • Risky user behaviors such as bad password protection or frequenting questionable sites.

Importance of Testing – And Best Practices

Finding the proper balance is vital between the resources required to aggressively stop malware and allowing the organization and staff to operate without hindrance. Testing allows IT to gauge the strong and weak points in their defenses, so they can implement fixes instead of restricting access. A proven test methodology follows PASS (performance, availability, security, and scalability). This methodology provides answers to several questions, including: how is user QoS affected by latency, when devices fail do services also fail, and how many threats can systems currently detect?

Gateways, firewalls and IDS should all be tested under scale so IT can judge if the systems can handle high amounts of traffic. The testing solution needs to produce both secure and insecure traffic and have the latest malware definitions in order to best replicate real-world conditions. IT departments that proactively implement such solutions will be able to stop a higher percentage of threats while allowing the business to operate efficiently.
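To make the PASS questions above concrete, here is an added example of a small scoring harness, written for this post and not code from the author or from Spirent. It assumes a hypothetical toy signature engine (`inspect`) standing in for a gateway, a constructed labelled corpus of benign and "insecure" samples (the only real artifact is the industry-standard EICAR antivirus test string, which is harmless by design), and two signature sets, one stale and one current, to show why the definitions used for testing must be up to date. Each PASS dimension maps to one function: detection and false-positive rates (security), p95 per-sample latency at a chosen traffic multiple (performance and scalability), and whether a crashed engine blocks or passes traffic (availability).

```python
"""Hypothetical PASS-style scoring harness for a malware detection control.

All names, the toy engine and the sample corpus are assumptions made for
this example; they do not describe any real product.
"""
import time
from dataclasses import dataclass

# Constructed labelled corpus: (sample, is_malicious). The EICAR string is
# the standard harmless antivirus test file; the other "malicious" entries
# are made-up markers, not real malware.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
CORPUS = [
    ("GET /index.html HTTP/1.1", False),
    ("POST /login user=alice", False),
    ("quarterly-report.pdf", False),
    (EICAR, True),
    ("MALWARE-SAMPLE-A payload", True),
    ("MALWARE-SAMPLE-B payload", True),
]

# Stale definitions miss the newest sample; current ones include it.
OLD_SIGNATURES = {"EICAR-STANDARD-ANTIVIRUS-TEST-FILE", "MALWARE-SAMPLE-A"}
NEW_SIGNATURES = OLD_SIGNATURES | {"MALWARE-SAMPLE-B"}


def inspect(sample, signatures):
    """Toy gateway engine: block a sample if any signature substring appears."""
    return any(sig in sample for sig in signatures)


def detection_metrics(corpus, signatures):
    """Security: (share of malicious samples caught, share of benign samples blocked)."""
    malicious = [s for s, bad in corpus if bad]
    benign = [s for s, bad in corpus if not bad]
    caught = sum(inspect(s, signatures) for s in malicious)
    false_positives = sum(inspect(s, signatures) for s in benign)
    return caught / len(malicious), false_positives / len(benign)


def p95_latency_ms(corpus, signatures, repeat=1):
    """Performance/scalability: p95 per-sample latency with the corpus replayed `repeat` times."""
    samples = [s for s, _ in corpus] * repeat
    timings = []
    for s in samples:
        t0 = time.perf_counter()
        inspect(s, signatures)
        timings.append((time.perf_counter() - t0) * 1000.0)
    timings.sort()
    return timings[int(0.95 * (len(timings) - 1))]


def guarded_inspect(sample, signatures, engine=inspect):
    """Availability wrapper: an engine failure must block traffic (fail closed), not pass it."""
    try:
        return engine(sample, signatures)
    except Exception:
        return True  # engine down -> treat as blocked


def broken_engine(sample, signatures):
    """Simulates the device failure the PASS 'availability' question asks about."""
    raise RuntimeError("engine unavailable")


def fails_closed():
    """True if a crashed engine still results in the sample being blocked."""
    return guarded_inspect("GET /index.html HTTP/1.1", NEW_SIGNATURES, engine=broken_engine)


@dataclass
class PassReport:
    detection_rate: float
    false_positive_rate: float
    p95_latency_ms: float
    fails_closed: bool


def pass_report(signatures, repeat=100):
    """Collect all four PASS answers for one signature set at `repeat`x traffic volume."""
    det, fp = detection_metrics(CORPUS, signatures)
    return PassReport(det, fp, p95_latency_ms(CORPUS, signatures, repeat), fails_closed())


if __name__ == "__main__":
    for label, sigs in (("stale definitions", OLD_SIGNATURES), ("current definitions", NEW_SIGNATURES)):
        print(label, pass_report(sigs))
```

Running the script shows the stale set catching two of three malicious samples while the current set catches all three, with no benign traffic blocked in either case; the latency figure is what you would compare across traffic multiples to see whether the control degrades under scale, and `fails_closed` is the availability answer (here the wrapper blocks when the engine is down, which is the safe default for a security gateway).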