As malware grows more complex, enterprises must extend their security best practices to include layered (defense-in-depth) security technologies. Many such technologies exist today. Breach Detection Systems (BDS), as a supplement to single-layer security tools, are worth considering for their ability to detect malware. Specifically, a BDS can identify malware at the initial stage, while it is being transmitted into the network, and can also identify the situation after a system or network has already been infected.
BDS deployment models
BDS deployment modes resemble those of an intrusion detection system (IDS) or intrusion prevention system (IPS), depending on the vendor you choose. They include the following:
Out-of-band deployment: use a SPAN (mirror) port on a switch, or a network tap, to copy traffic to the BDS; the BDS sees the traffic but cannot block it
Inline deployment: the BDS sits in the traffic path, exactly like a network intrusion prevention system, and can block as well as detect
Endpoint deployment: use agents installed on each enterprise asset, which also covers traffic the network sensors never see
Each deployment scheme has its own advantages and disadvantages. The choice depends on your attack surface, network architecture, vertical industry, and data privacy law (the law of the country where the data physically resides). Data privacy law matters because some vendors collect data from your network and send it to their cloud infrastructure. Although this is not a technical problem, if the vendor needs to send traffic, file samples or metadata from your enterprise to its cloud for post-processing, you need to settle with the vendor exactly what is sent, where it is stored and for how long.
Post-processing in the vendor's cloud has real advantages: it uses large-scale parallel processing and scales resources on demand, and this scaling is transparent to you. However, other vendors can offer the same level of capability on premises. In the end, whether the processing runs in your own data center or in the vendor's cloud, both deployment modes must answer the same question: does this sample match known malware, or is it something new?
Understanding your attack surface
Understanding your attack surface is the most important aspect of protecting your enterprise infrastructure. A BDS can only succeed if it understands your operating systems and approved applications (especially those connected to the Internet), because those are the main vectors an attacker uses. This is an important task because the threats you need to defend against are the ones that apply to your operating environment: a sandbox that only detonates Windows executables adds little where the exposed applications are Linux web services.
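The first step in that inventory is knowing which services on each asset actually listen on a non-loopback address and whether they are approved. The script below is an added example, not part of the original article or any vendor's product: it parses the listening-socket table that `ss -H -l -t -n -p` prints on Linux, reports every exposed listener, and flags those whose process is not on an approved list. The `ss` output, the approved set and the process names are all constructed for this example.

```python
"""Attack-surface inventory from `ss -Hltnp` output (added example).

Parses the listening-socket table that `ss -H -l -t -n -p` prints on Linux
(-H suppresses the header row) and reports every service bound to a
non-loopback address, flagging those not on the approved-application list.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample output of `ss -Hltnp` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1044,fd=6),("nginx",pid=1045,fd=6))
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=1201,fd=20))
LISTEN 0 100 [::]:8080 [::]:* users:(("java",pid=2210,fd=44))
LISTEN 0 128 [::1]:6379 [::]:* users:(("redis-server",pid=1330,fd=7))
"""

# Assumed approved list: processes allowed to be reachable from off-host.
APPROVED = {"sshd", "nginx"}

# State Recv-Q Send-Q Local:Port Peer:Port users:(("proc",pid=...,fd=...))
LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)"'
)


@dataclass(frozen=True)
class Listener:
    process: str
    address: str
    port: int


def parse_listeners(text):
    """Parse ss output into Listener records (first process name per line)."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unexpected lines
        addr, _, port = m.group("local").rpartition(":")  # handles [::]:8080
        listeners.append(Listener(m.group("proc"), addr.strip("[]"), int(port)))
    return listeners


def exposed_listeners(listeners):
    """Listeners bound to anything other than a loopback address.

    0.0.0.0 and :: mean 'all interfaces', so they count as exposed.
    """
    return [l for l in listeners
            if not ipaddress.ip_address(l.address).is_loopback]


def unapproved_exposed(text, approved=APPROVED):
    """Exposed listeners whose process is not on the approved list."""
    return [l for l in exposed_listeners(parse_listeners(text))
            if l.process not in approved]


if __name__ == "__main__":
    for l in unapproved_exposed(SAMPLE_SS_OUTPUT):
        print(f"UNAPPROVED exposed service: {l.process} on {l.address}:{l.port}")
```

On the constructed sample, mysqld and redis-server are ignored because they bind only to loopback, sshd and nginx are exposed but approved, and the Java service on port 8080 is reported. Run against real hosts, the same list is what you hand to the BDS vendor when asking which of your Internet-facing applications their detection actually covers.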
The final path into your infrastructure is through your users, both on-site staff and remote staff. Enterprises should disable split tunnelling for remote VPN users; otherwise those users' Internet traffic never passes the network sensors, and your malware detection investment is ineffective for exactly the machines most likely to be infected. If split tunnelling cannot be disabled, we recommend deploying the vendor's endpoint BDS agent on those remote machines instead.
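Whether a client is actually split-tunnelled is visible in its routing table, so it can be checked rather than assumed. The script below is an added example, not part of the original article: given the text that `ip route show` prints on a Linux VPN client, it does a longest-prefix lookup for an arbitrary Internet address and reports whether that traffic would leave through the tunnel interface. Both routing tables are constructed; the tunnel interface name `tun0` and the probe address are assumptions. The full-tunnel table has the shape OpenVPN produces with its `redirect-gateway def1` option (two /1 routes that override the original default route, plus a host route to the VPN server).

```python
"""Detect split tunnelling from a Linux client's routing table (added example).

Parses `ip route show` output and decides whether Internet-bound traffic
would use the VPN interface (full tunnel) or bypass it (split tunnel).
"""
import ipaddress

VPN_IFACE = "tun0"  # assumption: name of the tunnel interface on the client

# Constructed: split tunnel. Only 10.0.0.0/8 goes through the VPN; all other
# traffic, including Internet traffic, leaves via the home router on wlan0.
SPLIT_TUNNEL_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

# Constructed: full tunnel as set up by OpenVPN `redirect-gateway def1`.
# 0.0.0.0/1 and 128.0.0.0/1 are more specific than the original default, so
# they win; 203.0.113.10 is the VPN server itself and must stay on wlan0.
FULL_TUNNEL_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""


def parse_routes(text):
    """Yield (network, interface) pairs from `ip route show` output."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # blank line or a route with no output device
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        iface = fields[fields.index("dev") + 1]
        # strict=False turns a bare host address into a /32 network
        yield ipaddress.ip_network(dst, strict=False), iface


def lookup(routes, ip):
    """Longest-prefix match: the interface that would carry traffic to ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def is_split_tunnel(route_text, vpn_iface=VPN_IFACE, probe="8.8.8.8"):
    """True if traffic to an arbitrary Internet address bypasses the VPN."""
    routes = list(parse_routes(route_text))
    return lookup(routes, probe) != vpn_iface


if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL_ROUTES), ("full", FULL_TUNNEL_ROUTES)):
        print(f"{name} tunnel table: split tunnelling = {is_split_tunnel(table)}")
```

A single probe address is enough for the yes/no question above; for an audit you would run the same lookup over the set of external destinations you care about and check that only the VPN server's own host route escapes the tunnel. The check is read-only and needs no privileges, so it can run from the endpoint agent or a login script on every connection.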
The starting point, then, is choosing the BDS that fits your deployment model and attack surface, so that it can actually see the threats to your business.