Showing posts with label Security Tactics. Show all posts

Incident Response: The First Step Is Identifying the Breach

Anthony Di Bello

The objective of malware has shifted from weapons of mass disruption to weapons of ultimate stealth for data theft. Today, attackers want to go unnoticed, and they will do whatever it takes to get past traditional defenses. They try to compromise your users through malicious links on social networking sites, through specially crafted email attachments, and even through infected USB drives. They employ any means available, and if they are determined, they will not stop until they succeed.

The software tools they use today include exploit code, Trojans, keystroke loggers, network sniffers and bots: whatever works to infiltrate the network and then exfiltrate the data they are after.

Consider this quote from this CIO.com story, “Customized, stealthy malware growing pervasive”, from an experienced penetration tester:

“The advanced attack is getting more pervasive. In our engagements and my conversations with peers we are dealing with more organizations that are grappling with international infiltration. Every network we monitor, every large customer, has some kind of customized malware infiltrating data somewhere. I imagine anybody in the global 2,500 has this problem.”

Consider that quote again for a second: “Every network we monitor, every large customer, has some kind of customized malware infiltrating data somewhere.”
The goal of this malware is to slip past anti-malware defenses, and too often the attackers succeed.

This is why the ability to quickly detect and respond to infiltrations is more crucial than ever for an effective IT security program, and it makes digital forensics software central to those efforts. By quickly determining the nature and cause of an incident, forensics software gives security teams the visibility into their endpoints and network that they need to contain the current incident and to prevent the next one.

This is where EnCase® Cybersecurity shines. EnCase® Cybersecurity offers enterprises a way to obtain actionable endpoint data related to an event before that data has a chance to decay or disappear from the affected endpoint altogether. It can be integrated with an alerting solution or SIEM of choice (such as ArcSight ESM) so that relevant endpoint data is collected the moment an alert or event is generated. This gives security teams immediate access to information such as hidden processes running at the time the alert fired, ports that were open at that time, and more. Seeing the entire picture of what was occurring on an endpoint at a specific moment in time allows a far more accurate incident impact analysis and a way to gain visibility into any given threat. A clear view of that moment leads to faster incident resolution rather than chasing cold trails.
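To make the idea of capturing volatile endpoint state concrete, here is an added illustration of what a collector triggered by a SIEM alert has to do. This is example code written for this page, not EnCase® Cybersecurity code or Guidance Software's method. It assumes a Linux host, because the process list and socket table are read from /proc; the alert fields "id" and "host", the function names and the sample data are this example's own. The "hidden process" check is a cross-view comparison: every PID is probed with signal 0 and the answers are compared against what /proc lists, since a rootkit that filters the /proc listing usually cannot also stop the kernel from answering the probe.

```python
"""Capture volatile endpoint state the moment an alert arrives.

Added example, not EnCase or Guidance Software code. Assumes a Linux
host (processes and sockets come from /proc); the alert fields "id" and
"host" and all function names are hypothetical.
"""
import hashlib
import json
import os
import time

TCP_LISTEN = "0A"  # value of the "st" column in /proc/net/tcp for LISTEN


def parse_proc_net_tcp(lines):
    """Return sorted listening TCP ports from /proc/net/tcp text lines."""
    ports = set()
    for line in lines[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        if state == TCP_LISTEN:
            ports.add(int(local_addr.rsplit(":", 1)[1], 16))  # port is hex
    return sorted(ports)


def pid_alive(pid):
    """Signal-0 probe: True if the PID exists, even if it is not ours."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists but belongs to another user
    return True


def hidden_pids(listed_before, listed_after, probed):
    """PIDs the kernel answers for but /proc never listed.

    A process that started or exited between the two listings appears in
    exactly one of them; requiring absence from both removes that race,
    so what remains is a genuine cross-view discrepancy.
    """
    visible = set(listed_before) | set(listed_after)
    return sorted(set(probed) - visible)


def build_snapshot(alert, listed_before, listed_after, probed, tcp_lines, collected_at):
    """Assemble the evidence record and seal it with a SHA-256 digest."""
    body = {
        "alert_id": alert["id"],
        "host": alert["host"],
        "collected_at": collected_at,
        "listening_ports": parse_proc_net_tcp(tcp_lines),
        "process_count": len(set(listed_after)),
        "hidden_pids": hidden_pids(listed_before, listed_after, probed),
    }
    # Digest covers the canonical form of every field above (not itself).
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    body["sha256"] = hashlib.sha256(canonical.encode()).hexdigest()
    return body


def collect_on_alert(alert):
    """Live collection on a Linux host; call this when the SIEM fires."""
    if not os.path.isdir("/proc"):
        raise RuntimeError("this collector needs Linux /proc")
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    before = {int(d) for d in os.listdir("/proc") if d.isdigit()}
    # Probing the whole PID space costs a few seconds; that is acceptable
    # once per alert and is what exposes processes hidden from /proc.
    probed = {pid for pid in range(1, pid_max + 1) if pid_alive(pid)}
    after = {int(d) for d in os.listdir("/proc") if d.isdigit()}
    with open("/proc/net/tcp") as f:
        tcp_lines = f.read().splitlines()
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    return build_snapshot(alert, before, after, probed, tcp_lines, stamp)


# Constructed sample input (not captured data) so the logic runs offline.
SAMPLE_ALERT = {"id": "ALERT-001", "host": "ws-0142"}
SAMPLE_TCP = [
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode",
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345",
    "   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346",
    "   2: 0A000005:B3C2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12347",
]
# PID 4242 answers the probe but never appears in /proc; 77 exited mid-run.
SAMPLE_BEFORE = {1, 77, 900, 1234}
SAMPLE_AFTER = {1, 900, 1234, 1300}
SAMPLE_PROBED = {1, 900, 1234, 1300, 4242}

if __name__ == "__main__":
    snap = build_snapshot(SAMPLE_ALERT, SAMPLE_BEFORE, SAMPLE_AFTER,
                          SAMPLE_PROBED, SAMPLE_TCP, "2023-06-01T12:00:00Z")
    print(json.dumps(snap, indent=2))  # hidden_pids [4242], ports [22, 8080]
```

On the sample data the snapshot reports listening ports 22 and 8080 (the third socket is ESTABLISHED, state 01, so it is skipped), one hidden PID (4242) and no false alarm for PID 77, which merely exited between the two listings. The SHA-256 digest is there so the record can be shown to be unchanged later; in practice you would also ship the snapshot off the endpoint immediately, since the whole point is that this state will not be there in an hour.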

This kind of immediate response capability is simply mandatory today, given the stealthy nature of modern malware and the significant effort attackers put into masking any traces of an attack.

Anthony Di Bello is product marketing manager at Guidance Software.