{"id":420,"date":"2013-05-29T00:00:00","date_gmt":"2013-05-29T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/29\/malwares-typical-network-behaviour-makes-it-easier-to-spot-palo-alto\/"},"modified":"2021-12-30T11:37:16","modified_gmt":"2021-12-30T11:37:16","slug":"malwares-typical-network-behaviour-makes-it-easier-to-spot-palo-alto","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/29\/malwares-typical-network-behaviour-makes-it-easier-to-spot-palo-alto\/","title":{"rendered":"Malware\u2019s typical network behaviour makes it easier to spot: Palo Alto"},"content":{"rendered":"<p>The hardest part of maintaining a security defence is figuring out the things we don\u2019t know \u2013 but by applying monitoring to all network traffic and simplifying accessibility to analytics tools, it\u2019s easier than ever to ferret out new malware and seal perimeters that have been compromised by mobile devices, a Palo Alto Networks analyst has advised. While the security solutions market has been flooded with new options for identifying and dealing with malware, \u201cyou need to be able to feed it into something that\u2019s actionable, and is going to help the business and actually give you some protection,\u201d Williamson told CSO Australia after his presentation at the AusCERT 2013 security conference. 
Analysis of 839 different pieces of malware, and 204 million logs, also found that 55% of all malware uses custom UDP (User Datagram Protocol) packets to communicate with command-and-control (C&amp;C) servers; therefore, when a scan of network activity shows that 1.5% of traffic consists of unknown UDP packets, Williamson said, it\u2019s not hard to figure out where it\u2019s coming from.<\/p>\n","protected":false},"excerpt":{"rendered":"<p style=\"margin: 0px;\">Palo Alto Networks has positioned its WildFire platform to resolve this issue, by providing what Williamson calls a \u201cclassify everything\u201d view of all data coming into and going out of the network.<\/p>\n<p style=\"margin: 0px;\">Other common signature behaviours of malware include visits to an unregistered domain (24.38% of cases), the sending of emails (20.46%), contacting an IP country different from the host top-level domain (6.92%), downloading a file with an incorrect file extension (4.53%), visiting a recently registered domain (1.87%), and more.<\/p>\n<p style=\"margin: 0px;\">\u201cYou can always create an exception if you need to, but you can also set a rule that says \u2018if I see an HTTP post to new domains, that is something worth investigating\u2019.\u201d<\/p>\n<p style=\"margin: 0px;\">This confidence, says Palo Alto Networks\u2019 ANZ country manager Armando Dacal, often translates into a better business-IT alignment because the security team can ensure the business will be protected through highly granular control over applications and user behavior. 
Such control will pave the way for higher business and IT confidence around the influx of smartphones and tablets as companies, many grudgingly, give in to the realities of bring your own device (BYOD) policies.<\/p>\n<p style=\"margin: 0px;\">\u201cBut users wanted to leverage the power in the devices \u2013 and now IT can have a discussion with the business around which users should have access to which applications, and how it can be done safely.\u201d \u201cWe\u2019re dealing with creative [malware authors],\u201d Williamson says, \u201cand we\u2019re in a world where we\u2019re going to have to be looking at what\u2019s coming in \u2013 and be engaged, creatively, about what\u2019s going on.\u201d<\/p>\n<p style=\"margin: 0px;\">Link: <a href=\"http:\/\/www.cso.com.au\/article\/463079\/malware_typical_network_behaviour_makes_it_easier_spot_palo_alto\/\">http:\/\/www.cso.com.au\/article\/463079\/malware_typical_network_behaviour_makes_it_easier_spot_palo_alto\/<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-420","post","type-post","status-publish","format-standard","hentry","category-malware"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=420"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/420\/revisions"}],"predecessor-version":[{"id":2907,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/420\/revisions\/2907"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}