antivirus and firewalls

Why Antivirus and Firewalls Aren’t Enough Protection Against Malware

August 1, 2016 | By

Antivirus and firewalls are the backbone of any security program, used to gain visibility across the network for inbound attacks. However, it’s not wise to employ them as the only solutions to protect your organization against threats. Why?

  • Most exploits are delivered via the web and email, and both are allowed through firewalls
  • Today’s exploit kit automatically morphs malware so that it is not detectable by antivirus
  • Firewalls do not stop outbound data theft

Knowing where the weaknesses lie in a company’s defense, attackers can be quite successful at not only getting past them, but then accomplishing their mission of staying and stealing once inside. That’s because most antivirus and firewalls aren’t built to identify the latest malware attacks, let alone capture or eradicate the threats once they do make their way in — because they will. This is all to say that security has just become far more complex than it was a few short years ago.

Let’s take a look at how companies can strengthen their defenses with the right set of protections.

Employ an Inside-Out Approach to Malware Protection

Security, like an onion, consists of many layers designed to protect its innermost parts. While the outer layer of an onion is designed to protect it from disease and pests, pathogens get smarter over time and figure out ways to penetrate that layer. And once the pathogen is inside the onion, the onion isn’t prepared to fight against it and kick it back out, so it proceeds deeper and deeper until the onion is considered damaged goods.

Our adversaries work the same way. Once they find a way to circumvent traditional defenses (firewalls, antivirus, etc.), they’re in—with not much else standing in their way. Malware is especially tricky in that, once it’s in, its job is to maintain outbound communications with its sender in order to complete its mission. For example, consider an email that makes its way to your computer. That email isn’t blocked by a firewall, so you open it, click on a seemingly harmless link or attachment, and the malware unfolds. It begins its attack by “phoning home” back to its sender to receive details about executing the attack.

This means that not only do companies need to be prepared to stop malware attacks once they’re inside the network, they also need a way to stop it from communicating outwards, and, ultimately, to remove it. This is where a purpose-built malware protection solution comes in, and at Strongarm we’ve designed ours to be lightweight and automatic, for a fraction of the price of enterprise solutions.

Taking this into practice, let’s look at the effects of malware protection (or a lack thereof) by exploring a few recent examples.

Learn From the Biggest Attacks

Small and midsized businesses face many of the same problems with malware as big companies — they just don’t have the resources or budget to take care of them. This puts smaller businesses increasingly at risk because cybercriminals are well-aware of their lack of defenses.

Here are the results of a few recent malware attacks:

Infiltrating the Network: DNC Hack

Earlier this summer, Russian government hackers hacked into the Democratic National Committee’s (DNC) computer network with the goal of gathering intelligence on policies, practices, and strategies of the U.S. government, one of Russia’s biggest perceived adversaries.

It is suspected that hackers gained access by way of “spearphishing” emails sent to DNC employees — emails that appear legitimate but contain links and/or attachments that, when clicked, deploy malicious software that takes control of the system. This activity bypassed all antivirus and firewall controls that had been installed on the network. In fact, it was discovered that there were two separate groups involved in the attack unrelated to one another.

One of these groups flew completely under the radar, gaining access to the DNC network over a year ago, but it was the group who more recently got in whose actions tipped off officials with suspicious network activity. This group successfully acquired two key systems via spearphishing, which gave them access to the computers of the DNC’s research staff. Hackers were able to read all email and chat traffic across the DNC’s network, demonstrating the very determination of Russian hackers to penetrate strategic targets in order to gain intelligence. While the Russian government is an elite adversary, these same techniques are used by most attackers looking to steal information.

How to Protect Yourself:
Having the right malware protection, companies can automatically find and remove malicious software installed from spearphishing attacks like these. This should come in the form of being able to isolate and then redirect malware from your network and block outbound communications so that company IP and other sensitive information can’t be compromised, as it was in the DNC attack. Strongarm, for example, not only sounds the alarms when an infection is detected, it actually takes control of the malware so no damage is done.

Encrypted Malware Schemes: Yahoo

The same encryption technology companies employ to protect their own communications is increasingly being used by attackers. Yahoo was exploited when attackers took advantage of SSL/TLS to hide their malware from antivirus and firewalls by encrypting communications with command and control systems. By doing this, attackers were able to redirect 900 million Yahoo users to a malicious website hosting the Angler exploit kit. Similar “malvertising” attacks have hit many other major websites, including Match.com, AOL, and more.

Post-attack, Yahoo analyzed their data and discovered a sharp increase in SSL/TLS encryption activity in 2015. In the fourth quarter in particular, they discovered that nearly 65 percent of all web connections had been encrypted, leading to a spike in under-the-radar attacks. Gartner predicts that 50 percent of all network attacks will take advantage of SSL/TLS by 2017, up from 5 percent in 2013.

How to Protect Yourself:
Strongarm is specifically designed to not only block malware, but speak to it as well. What that means is that Strongarm automatically quarantines the malware and then initiates communication back to the command and control servers to learn as much as possible about the target and the intended severity of the attack so that businesses like Yahoo can both neutralize the attack and effectively formulate a plan to fully eradicate it from all systems before it can do any damage.

The types and examples of cyberattacks are endless, but the conclusion is the same: In order to stop malware from doing damage, companies need protection designed specifically for it.

When Antivirus and Firewalls Don’t Cut It: The Next Layer of the Security Equation

While antivirus and firewalls do a lot of good things, Strongarm is the next vital layer of protection for companies looking to effectively and automatically detect and remove malware threats.

Unlike most security solutions, adding Strongarm to your toolset doesn’t necessitate additional security resources to set up and manage. Strongarm is built to automatically find and remove malware for you. This is the next step for companies who want to avoid losing data, IP, and valuable credibility to cyberattacks.

Interested in seeing how it works? Try Strongarm for free today.