How to mitigate the risk of network-spreading malicious software

Nowadays, many people use the Internet as a natural extension of their daily life. Whether it's chatting with friends, focusing on current affairs, doing special research or watching movies, they all need to use the Internet. We know that the bad guys must also know.

It risk managers often teach end users about standard Web security recommendations: Don't click, uninstall plug-ins, change passwords regularly, use anti-virus software, etc., but that doesn't seem to work. So it's not surprising that the Internet has become the number one medium for malware. Coupled with advances in technology, new cyber-spread attacks have begun to rise. Fortunately, we have some ways to mitigate the risks associated with web browsing, especially the risk of being infected with malware.

Network-propagated malware: separation and isolation

For malware, it is important to remember that it must be run to have a break. This means that an attacker would have to deploy a program in memory to take advantage of the CPU hosting the system to perform its malicious behavior. With this in mind, it is not difficult to see which system the malware resides in is critical to determining the extent of malware damage. Companies should separate this program from other production services to help reduce damage.

Separation is a long-term technology for reducing risk in the field of technology risk management, and isolation is a more stringent form. The military usually separates the secret system from the unclassified system by using the "space gap" of a single physical system or sometimes separating the virtual machines. Businesses have long started using firewalls and other network devices to isolate networks. In order to meet the payment card Industry data security standards or PCI-DSS, compliance, enterprises will often use the token to separate the scope of the data at the level of the system.

In addition, a method of so-called situational separation is the sandbox. A sandbox is an isolated (usually virtual) environment that restricts a calculation program or process, restricts or prevents it from interacting with other programs or processes. Sometimes, the sandbox is used as a variety of "fish tanks" to watch and evaluate suspicious software activity. There are times when it is used in a production environment to run important functions (such as an online banking application) or other important features that are less important and highly risky. In one or both of these cases, separating the browser from the operating environment minimizes the impact of malware.

Network-propagated malware: managed browsers

In this case, separation is a good way to help users safely navigate the Web. An increasingly popular form of separation on the web is the managed browser, which is typically run in a completely separate physical system that is responsible for interacting with the front-end network and completing the connection to the user through mapping activity to the backend user device. Compared to a secure Web gateway that terminates a connection, the managed browser runs some analysis, then forwards the approved packets (the original format) to the end user, the managed browser converts the content, and passes it to the end user through proprietary protocols similar to the Remote Desktop protocol for desktop virtualization or RDP. Managed browsers offer the same advantages as the above sandbox, but in the form of a network. Now, this complements the analytical sandbox, which brings more threat research and response capabilities. This advantage is obvious: If a malware program can only access resources on a browser-resident system, we can isolate the system and high-value resources, thereby limiting the ability of malware to compromise.

In addition, managed browsers provide anonymous functionality, which provides a clean browsing environment for each session.

Products that provide this functionality include Check Point WebCheck, Authentic8 Silo, Light Point Security's Light Point web and Spike security airgap.

Network-propagated malware: Turning Point

We are at a turning point in information security, and we must be aware that traditional technologies are limited in protecting users against the traditional malware of the web. It's time to deploy other measures to reduce risk, reduce or eliminate user involvement, and protect users. The separation model is well understood, and now technology has been improved enough to provide this functionality